cross-niche-outliers

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly fetches public, user-generated content — e.g., scripts/scrape_cross_niche_outliers.py and scripts/scrape_cross_niche_tubelab.py retrieve YouTube metadata/transcripts via youtube-transcript-api and Apify (and TubeLab search results) and then pass those transcripts into Anthropic prompts for summarization and title generation, so untrusted third‑party content is ingested and can directly influence model outputs and downstream actions (Google Sheet updates).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls the TubeLab API at https://public-api.tubelab.net/v1/search/outliers at runtime (requires TUBELAB_API_KEY) to fetch outlier video data that is used to build prompts/context sent to the Anthropic model, so external content from that URL directly influences the agent's prompts.