youtube-summarizer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md "Fetch Transcript" workflow explicitly instructs the agent to retrieve transcripts from arbitrary public YouTube videos via the MCP YouTube transcript server (running getSubtitles and saving /tmp/yt-transcript.json), which are untrusted, user-generated third-party content that the agent parses and acts on to generate summaries and send messages, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires cloning and running code from the external GitHub repository https://github.com/kimtaeyoon83/mcp-server-youtube-transcript (git clone ... && npm install && npm run build) and then executes its code at runtime (node -e importing getSubtitles), so this remote URL provides required executable code for the skill.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill instructs installing and running a third‑party service under /root (creating files/dirs there and saving transcripts), offers automatic installation, and explicitly mentions using Android emulation to bypass YouTube cloud IP blocking — all of which push the agent to modify host state and evade access controls.