gifhorse

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md explicitly instructs the tool to "download subtitles from online providers" by default when running "gifhorse transcribe", meaning it fetches and ingests untrusted public subtitle files (third-party/user-generated) that the agent reads and uses for search/clip creation, which could allow indirect prompt injection.