listenhub

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts and forwards arbitrary public URLs and user-provided content (e.g., --source-url in scripts/create-podcast.sh and create-podcast-text.sh, --type url in scripts/create-tts.sh, --reference-images in scripts/generate-image.sh) and its lib.sh also fetches remote VERSION/scripts from raw.githubusercontent.com, so the agent will ingest and present untrusted third‑party content as part of its workflow.