podcast-downloader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's runtime workflow (scripts/download_podcast.py: fetch_episodes_via_api, fetch_episode_by_id, get_rss_feed_url and parse_rss_feed) explicitly fetches and parses public iTunes API responses and external RSS feeds (e.g., feed URLs returned by the API), which are untrusted, user-generated web content and are used to determine which episode URLs to download and how to proceed.