hifi-download

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill directly fetches and ingests content from open third-party services (Last.fm, Spotify, Qobuz, TIDAL) — e.g., scripts/lib/lastfm.py, scripts/lib/spotify.py and platform_search.py (and the SKILL.md workflows) call those APIs and return/expose JSON/text results that the agent reads and uses to decide searches and downloads, so untrusted/user-provided content could influence subsequent tool actions.