youtube-transcript-analysis-api-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests public YouTube transcripts via the BrowserAct API (see "Phase 1 — Transcript Extraction" in SKILL.md and scripts/youtube_transcript_analysis_api.py using TargetURL/KeyWords), and the agent is required to read and analyze those untrusted, user-generated transcripts to drive its 8-dimension analysis and recommendations.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill makes runtime requests to the BrowserAct API (https://api.browseract.com/v2/workflow) to fetch transcript/output that is then injected into the agent's analysis context and thus directly controls the agent's prompts and required behavior.