tl-live-music-data

Warn

Audited by Snyk on May 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and consume open/public third‑party API responses and, as a fallback, scraped HTML (see "Third-Party Content: Trust Model & IPI Hygiene" and the "Web Scraping Fallback" / firecrawl examples that target sites like AllMusic, JamBase, MusicBrainz, Genius, nugs.net, etc.). Untrusted user-generated web content is therefore read and used to drive lookups and subsequent API calls, which exposes the agent to indirect prompt injection risk.


Audit Metadata

Risk Level: MEDIUM
Analyzed: May 9, 2026, 03:24 AM
Issues: 1