youtube-transcript-extract

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs running "npx -y yt-subs (youtube_url_or_id)" to fetch title, metadata, description and the full transcript from public YouTube videos (user-generated content), which the agent ingests as part of its workflow and could contain instructions that influence subsequent decisions or actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). Yes — the skill instructs running "npx -y yt-subs", which fetches and executes the npm package (e.g. from https://registry.npmjs.org/yt-subs or https://www.npmjs.com/package/yt-subs) at runtime, so remote code is downloaded and executed as a required dependency.