youtube-transcript

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's script scripts/fetch-transcript.mjs fetches and scrapes public YouTube pages and the YouTube timedtext/youtubei APIs to ingest user-generated video captions, which Claude is then instructed (in SKILL.md) to read and translate/summarize as part of its workflow, exposing the agent to untrusted third-party content that could contain indirect prompt-injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches transcript text at runtime from YouTube endpoints (e.g., https://www.youtube.com/api/timedtext?… and https://www.youtube.com/youtubei/v1/player?key=…) and injects that remote content directly into the model prompts for translation/summarization, making those URLs runtime dependencies that can control agent instructions.