supadata

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch transcripts and scrape pages from public, user-generated sources (e.g., "Get YouTube Video Transcript", "Scrape Web Page to Markdown", "Crawl Website", and social platform endpoints) which the agent will read and could contain untrusted instructions that influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill issues runtime curl requests to https://api.supadata.ai/v1 (e.g., /transcript, /web/scrape) and returns transcripts/Markdown "ideal for AI processing", which is high-confidence evidence the fetched external content is used at runtime to control model input/prompts and is required for the skill to function.