m3u8-downloader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly says the extension "watches browser-visible media requests" and requires navigating to a supported page so the stream "manifest and segments start loading" (How It Works / Step-by-Step Tutorial), meaning it ingests untrusted third-party M3U8 manifests and page-exposed media from arbitrary websites which the agent must parse to drive downloads.