podcast

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read arbitrary URLs as part of its required workflow (see SKILL.md "Step 1: Read the content" and README examples like "/podcast https://some-article-url.com"), meaning untrusted public web content is ingested and directly shapes the generated script/audio output and subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly tells the agent to "do each step yourself" and includes instructions to run system-level commands that require sudo (e.g., "sudo apt install ffmpeg"), which directs the agent to obtain privileged access and change the machine state.