bilibili-downloader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches public, user-generated Bilibili content (see SKILL.md and scripts like scripts/download_subtitles.py and download_with_config.py which call v.get_subtitle(), v.get_info(), and get_download_url) and the agent reads and acts on that content (saving/using titles, subtitles, covers), so untrusted third‑party text could influence behavior.