youtube-downloader
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill calls yt-dlp on user-supplied public URLs (YouTube, Bilibili, Twitter/X, TikTok and 1000+ sites) — e.g., get_video_info() and download_video() — and ingests/prints metadata, titles, subtitles and other user-generated content from those third‑party sites as part of its workflow.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (low risk: 0.35). The skill does not instruct the agent to obtain sudo, create users, or edit system/SSH/service files, so it is not a high-risk system-compromise prompt, but it does include package-install commands (apt-get/brew) and a pip --break-system-packages flag that can alter system state and may require elevated privileges, so there is moderate risk.