youtube-transcript
Warn
Audited by Snyk on Mar 10, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches transcripts from user-supplied YouTube URLs using yt-dlp (see SKILL.md Step 2 and the fetch-transcript.mjs script) and instructs the agent to read and act on the full transcript to produce summaries and takeaways (see SKILL.md "Step 4: Summarise"), so untrusted, user-generated third-party content can directly influence agent behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill requires the yt-dlp binary and includes a runtime installation command that fetches and makes executable the remote binary from https://github.com/yt-dlp/yt-dlp/releases/latest/download/yt-dlp_macos, which results in executing remote code.
Audit Metadata