deep-reading

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly downloads and processes arbitrary public third‑party content—e.g., YouTube URLs via src/fetcher/youtube.py and the README/SKILL.md which state "Input support: any HTTP/HTTPS link" and web/blog/arXiv sources—extracts transcripts and then feeds those transcripts into the AI processor (processor/inspectional.py and the AI Processor context), so untrusted/user‑generated content is read and interpreted as part of its workflow, enabling indirect prompt injection risk.