youtube-downloader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill downloads and processes transcripts from public YouTube URLs using yt-dlp (e.g., --list-subs, --write-sub, --write-auto-sub) — i.e., untrusted/user-generated content from YouTube — and the agent reads and post-processes that content as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs the agent to automatically install software and explicitly includes a sudo apt install command (and other system-level install steps), which directs the agent to perform privileged system modifications.