chaturbate-video-downloader

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These links point to an unestablished/unknown publisher (serp.* domains and a GitHub repo from non‑well‑known usernames) and include distribution of a browser extension via GitHub releases and a short/marketing domain (serp.ly), with an inconsistent raw.githubusercontent username (serpxxx vs serpapps) — all of which are common indicators of untrusted/obscured distribution that could carry malicious extensions or installers.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The skill is a browser extension that records/downloads from user-opened Chaturbate pages; at runtime it will ingest outsider-authored free text from the loaded Chaturbate room/model pages (public web content) into the extension/LLM context via page DOM/media metadata, creating indirect prompt-injection exposure.