bilibili-to-obsidian

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the SKILL.md explicitly instructs fetching and extracting subtitles from public Bilibili URLs (e.g., "步骤 1：解析视频信息" and "video2text extract "<B站视频URL>"" / yt-dlp commands), so untrusted user-generated content from B站 is ingested and summarized and can materially influence subsequent outputs/actions.