expert-panel

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill ingests public, untrusted user-generated content and uses it to drive LLM decisions — e.g., scripts/editorial-brain.py downloads YouTube auto-subtitles via download_vtt/yt-dlp and parses transcripts to pass into Claude for clip discovery and automatic cutting, and the quote-mining/feedparser RSS configuration in content-transform/README/.env likewise fetches external podcast feeds — so third-party content can materially influence tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill dynamically downloads YouTube content at runtime (via yt-dlp) from URLs like https://youtube.com/watch?v=... and then injects the fetched transcript into Claude prompts for analysis, so external content from that URL directly controls LLM prompts.