bestblogs-transcribe-youtube

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill (SKILL.md and scripts/transcribe.ts) explicitly sends arbitrary YouTube URLs to a Gemini Gem via an XHR from gemini.google.com and returns the resulting transcript, so it ingests public/user-generated YouTube content (via gemini.google.com) that the agent is expected to read and could contain instructions influencing subsequent actions.