tmdb-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and consumes data from the public TMDB API (e.g., GET /trending/{media_type}/{time_window}, /search/multi, /movie/{id} in SKILL.md) and uses returned fields (titles, overviews, videos/keys/URLs) to decide which assets/URLs to display or open, exposing the agent to untrusted, user-contributed third‑party content that could carry indirect prompt-injection payloads.