japanese-deep-translate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's fetcher (scripts/fetch_song.py) automatically queries tonzhon.com and may download LRC lyrics plus MP3s via NetEase/yt-dlp (SoundCloud/YouTube), writes a skeleton.json of those externally sourced lyrics, and the SKILL.md explicitly instructs the agent to read and merge that skeleton.json as part of its workflow—meaning untrusted, public third‑party text is ingested and interpreted at runtime and can influence the agent's subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The fetcher contacts https://tonzhon.com/api.php at runtime to retrieve LRC lyrics which are written into skeleton.json and then injected as the agent's input for sentence-splitting and translation, so external content from tonzhon.com directly controls the model's prompts/inputs.