crypt-librarian

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and scrapes untrusted, user-generated web content (e.g., Letterboxd/MUBI/Criterion via Exa's contents/crawling in scripts/exa_film_search.py, Firecrawl scrape commands in SKILL.md, and Reddit JSON API calls in scripts/flexible_discovery.py), and those results are read and used by the agent to drive discovery, filtering, and archive actions—allowing third-party text to materially influence tool use and decisions.