serp-audio-downloader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly says the extension "downloads ... from any website" and "operates only on the page the user intentionally opens in the active browser tab," meaning it ingests untrusted public webpage content (user-provided/open-web) to detect playback sources that directly determine download actions, which could allow indirect prompt-injection via page content.