youtube-downloader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and renders metadata and thumbnails from arbitrary public YouTube URLs (see SKILL.md "Default flow" and scripts/download_video.py: print_video_info and fetch_oembed_info) and uses that untrusted, user-generated third‑party content to choose download behavior (clients, cookies/PO-token flow, retries, and follow-up actions), which could allow indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill, at runtime, runs pip installs using the PYPI mirror URL https://pypi.tuna.tsinghua.edu.cn/simple (and pulls/runs the external Docker image brainicism/bgutil-ytdlp-pot-provider), which fetches and executes remote code to provide the PO token provider functionality required for high-quality downloads.