bilibili-subtitle-downloader

Warn

Audited by Snyk on Mar 3, 2026

Risk Level: MEDIUM

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's scripts (scripts/download_and_chunk.py and scripts/cheese_downloader.py) fetch subtitle JSON from public Bilibili APIs and from subtitle_url endpoints; this is user-generated, untrusted third-party content. SKILL.md explicitly instructs sub-agents to read the downloaded subtitle chunks for summarization, so text embedded in external subtitles is interpreted by the agent and can influence its outputs and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). At runtime the skill fetches subtitle JSON from Bilibili APIs (e.g., https://api.bilibili.com/x/player/v2 and the dynamic subtitle_url it returns) and writes the remote subtitle chunks to disk; those chunks are then injected into LLM prompts for summarization, so external content can directly control the model context.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 3, 2026, 03:01 AM