bilibili-hub

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's core client fetches public, user-generated Bilibili content (e.g., comments, subtitles, feeds) via functions like _get_video_comments, _get_video_subtitle, and _get_feed (and returns them in get_video/get_feed), so the agent ingests untrusted third‑party webpages/JSON from Bilibili that could materially influence subsequent actions (including interactive operations like post_dynamic/like/coin) as part of its normal workflow.