youtube-video-analyzer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and ingests public YouTube content (video + subtitles) from a user-provided URL using yt-dlp (see SKILL.md Phase 1 and scripts/preprocess.sh) and the agent is instructed to read and act on subtitle text and frame images in Phase 3/4 prompts, so untrusted, user-generated third-party content could embed instructions that influence the agent's decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The preprocess.sh and other workflows download an arbitrary YOUTUBE_URL at runtime via yt-dlp (e.g., "https://youtube.com/watch?v=xxxxx"), extract subtitles/frames, and inject those remote subtitles and images directly into the agent prompts for analysis, so external content can control the model's inputs and behavior.