whop-video-downloader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the extension to scan and ingest content from Whop pages (e.g., "Open your Whop content" and "the popup scans the page and shows all found videos, images, and text posts") and to act on that user-generated third‑party content (e.g., "Download Visible" bulk downloads), meaning untrusted page content can directly influence tool behavior.