claude-video-download

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch/download content from public sites (see "Supported Sites" listing YouTube, TikTok, Reddit, etc.) and to retrieve/print metadata and subtitles (see "Video Info" with --dump-json and "Download with Subtitles"), which are untrusted user-generated sources the agent is expected to read and that could influence subsequent actions.