media-downloader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's download.py takes arbitrary public URLs and uses yt-dlp to fetch media and subtitles from open sites (YouTube, TikTok, Twitter/X, Instagram, Bilibili, etc.), thus ingesting untrusted user-generated content (titles/subtitles/metadata) as part of its runtime workflow and could enable indirect prompt injection.