yt-dlp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and inspects content from open/public third‑party sites (e.g., YouTube, Bilibili, Twitter/Instagram/TikTok) via user-provided URLs and commands like yt-dlp --write-info-json, --dump-json, --list-formats and the examples/urls.txt, so the agent will consume untrusted, user-generated web content as part of its workflow.