youtube-api-skill

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill asks the agent to check for BROWSERACT_API_KEY and, if absent, to "request and wait for the user to provide it collaboratively," which implies the agent may solicit and receive the raw API key (creating exfiltration risk) even though the script itself uses an env var; this requires handling secrets and is high risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill uses the BrowserAct workflow to scrape public YouTube pages (SKILL.md: "traverses the video results list, opens each video detail page") and the script (scripts/youtube_api.py) fetches the parsed results via task_info['output']['string'], so the agent ingests untrusted, user-generated content from the open web that can directly influence its decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime makes API calls to https://api.browseract.com/v2/workflow (requests.post/get) to run a remote workflow template (TEMPLATE_ID) that performs the scraping logic—i.e., it offloads execution to remote code the skill depends on, so the external URL controls the agent's behavior at runtime.