video-understand

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly ingests arbitrary public video content (YouTube and other URLs) — e.g., process_video.py's is_youtube_url/download_video using yt-dlp and the Gemini/OpenRouter flows (references/gemini.md, references/video-sources.md) — and then transcribes and analyzes that untrusted third‑party audio/visual content as part of its normal workflow, which could allow indirect prompt-injection from the media to influence tool behavior or outputs.