ljg-x-download

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch and parse user-supplied X/Twitter URLs (using yt-dlp --dump-json and then extracting thumbnail/media URLs from the tweet JSON and pbs.twimg.com) — i.e., it ingests untrusted, user-generated public web content and uses that data to decide and perform downloads, so third-party content can influence tool actions.