youtube-comments-api-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, user-generated YouTube video and comment data via the BrowserAct API (see SKILL.md description and scripts/youtube_comments_api.py), which the agent reads and uses for analyses and downstream actions, exposing it to untrusted third-party content that could carry indirect prompt-injection instructions.