media-router

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill bundle includes shared runtime code that fetches and ingests arbitrary public URLs (e.g., _postplus_shared/00-core/shared-runtime/scripts/download_videos_from_manifest_with_ytdlp.mjs uses yt_dlp to download item.sourceUrl and network_runtime.mjs provides requestText/requestBytes/downloadFile), meaning the agent will read untrusted, user-supplied web content (videos/pages) which can be transcribed/analyzed and thus materially influence downstream routing and actions.