onlyfans-video-downloader

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). The links include mostly low-risk assets (YouTube, raw GitHub image) but point to a third‑party landing page (serp.ly) plus a GitHub repo/releases from an unrecognized publisher offering a browser extension/packaged downloads — no direct .exe shown but those release pages and third‑party installers are common vectors for malicious/spyware extensions, so this is a moderate-to-high risk download source.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly reads and parses user-generated OnlyFans creator pages (see SKILL.md steps "Visit a supported creator page" and "Bulk gallery scanner" / "The extension begins detecting supported content from the active page"), ingesting untrusted third‑party page content and metadata that directly determine download actions.