creative-market-downloader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The SKILL.md explicitly says the extension "will read your purchase history on Creative Market" and load asset pages/download links from Creative Market (a public, user-generated marketplace), meaning it ingests untrusted third-party web content as part of its workflow and uses that content to decide and perform downloads.