clientclub-downloader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly says the extension inspects the active ClientClub portal page and supported embedded providers (Loom, Vimeo, Wistia, YouTube) — public, user-provided third‑party web content — and parses those pages/players to detect streams and choose download actions, so untrusted third‑party content is ingested and can influence the agent's behavior.