audio-extractor

Warn

Audited by Snyk on Feb 26, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and processes arbitrary public URLs (e.g., YouTube, SoundCloud, Bandcamp, RSS feeds) as shown in SKILL.md examples and scripts/extract_audio.py, ingesting untrusted user-generated content and metadata that are parsed and used to build commands, filenames, and embedded metadata—behavior that could allow third-party content to influence tool invocation or outputs.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 26, 2026, 10:27 AM