download-anything

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows and scripts (SKILL.md and referenced files like references/cloud-search.md and references/tools-reference.md, plus scripts such as scripts/dl-video.sh, scripts/dl-gallery.sh, and use of yt-dlp/gallery-dl) explicitly fetch and parse arbitrary public web resources (social media, cloud-drive search engines, shadow libraries, forums, etc.), and instruct the agent to parse metadata/JSON and choose download actions—meaning untrusted third-party content can directly influence tool use and next actions.