writer-planner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts arbitrary URLs and YouTube links (SKILL.md Step 1) and its converters (scripts/convert_to_markdown.py and scripts/youtube_handler.py) fetch and scrape page HTML/transcripts into content.md, which the planner then reads (e.g., glossary extraction and context files in references/context-optimization.md and SKILL.md Step 3) to drive planning decisions—so untrusted, user-generated web content can directly influence tool behavior.