hifi-download

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows and scripts (e.g., scripts/lib/lastfm.py calling Last.fm's public API at http://ws.audioscrobbler.com/2.0/, scripts/lib/spotify.py calling the Spotify API, and platform_search/platform_download using Qobuz/TIDAL catalog results) fetch and ingest open, third‑party (user/website) content and then use those results to drive recommendations and download actions, so untrusted external content can materially influence subsequent tool use and decisions.