pp-movie-goat

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly pulls live data from public third-party APIs (e.g., "combines TMDb's discovery engine with OMDb" and requires a TMDB_API_KEY in Auth Setup) and instructs agents to run commands like movie-goat-pp-cli movies get, ratings, and tonight and parse the .results JSON as part of decision-making, so untrusted/public content can be ingested and materially influence subsequent actions.