soundcloud-downloader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and interprets content from SoundCloud web pages — detecting playback streams and metadata as described in "How It Will Work" and "Security & Scope" of SKILL.md — and those pages are public, user-generated sources that directly influence what the extension downloads, creating a clear avenue for indirect prompt injection.