bilibili-obsidian-notes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests untrusted, user-generated content from public Bilibili pages and subtitle URLs (see scripts/bili_fetch_subtitle.py and scripts/bili_vision_notes.py which call Bilibili APIs, HTML-sniff video pages, download subtitle .json/.vtt and preview sprites), and the agent workflow and developer_instructions (SKILL.md and .codex/agents/media-note-writer.toml) require the agent to read and act on those subtitles/keyframes to drive note generation and follow-up actions, so third-party content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's _ensure_tools() downloads Windows binaries at runtime and then executes them (yt-dlp from https://github.com/yt-dlp/yt-dlp/releases/latest/download/yt-dlp.exe and an FFmpeg ZIP from https://github.com/BtbN/FFmpeg-Builds/releases/latest/download/ffmpeg-master-latest-win64-gpl.zip), so remote executables are fetched during runtime, run locally, and are required for the skill to operate.