podcast

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Step 3 (URL mode) explicitly calls capture_website on user-supplied https?:// URLs and extracts product names, features, pricing and other facts that are then used as factual anchors for the generated script, so arbitrary public web content can be ingested and materially influence the agent's output (risk of indirect prompt injection).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls capture_website on a user-supplied https?:// URL (e.g., https://pika.art or https://github.com/anthropics/claude-code) at runtime and directly injects extracted facts/features from that fetched content into the script prompts, so remote content can control agent output.