story-explanation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows explicitly fetch and ingest arbitrary public URLs and YouTube transcripts (e.g., workflows/create-abridged.md Step 2 "Fetch Content" using yt/yt-dlp and WebFetch; workflows/create.md Step 2 "Gather Input Content" using WebFetch/yt-dlp; and workflows/create-with-links.md STEPS 1 and 5 which extract source URLs and mandate adding inline links), and that external, untrusted content is read and used to drive UltraThink framing and subsequent actions, so it can materially influence tool behavior and enable indirect prompt injection.