watch

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to AskUserQuestion for API keys and then write them into ~/.config/watch/.env, meaning the agent will receive and handle user secrets (and may embed them verbatim into commands/files), creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads arbitrary public videos via yt-dlp and ingests native captions or Whisper-produced transcripts (see SKILL.md and scripts/watch.py / download.py / transcribe.py), then has the agent Read those frames and transcripts and use them to decide/answer, which exposes it to untrusted, user-generated third‑party content that can influence actions.