analytics

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's runtime scripts explicitly fetch and parse third-party user-generated content — e.g., scripts/tg-stats.py and scripts/tg-channel-stats.py read Telegram channel messages via Telethon and scripts/yt-stats.py and scripts/yt-deep-stats.py fetch YouTube RSS/API data — and the agent reads and acts on that content to compute metrics and pick top posts, so untrusted external content can materially influence behavior.