video-processing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and parses subtitles from public YouTube URLs using yt-dlp (see "Download YouTube Subtitles" and the n8n "Node 1: Download Subtitle" code in SKILL.md) and feeds those untrusted transcripts into an AI analysis step that drives screenshots, timestamp validation, and saves to Notion, so third‑party content can materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs yt-dlp at runtime to fetch subtitles from YouTube video URLs (e.g., https://www.youtube.com/watch?v=VIDEO_ID), then injects that fetched transcript directly into the AI prompt/context, so external content from that URL controls model input.