postey

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md "Video / Reel to Captions & Cross-Posting" and the scripts/video2post.js) explicitly downloads arbitrary public video URLs (YouTube/Instagram/TikTok via yt-dlp), transcribes them with Whisper, and automatically uses those untrusted, user-generated transcripts to generate captions and create/post drafts, so third-party content is ingested and can directly influence posting actions.