baoyu-youtube-transcript

Warn

Audited by Snyk on Mar 23, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill fetches public YouTube pages and InnerTube API data (see the functions fetchHtml, fetchInnertubeData and fetchTranscriptSnippets in scripts/main.ts) and saves the transcripts and the video description. A spawned sub-agent then reads and processes them per prompts/speaker-transcript.md, so untrusted, user-generated third-party content (transcripts and descriptions) is consumed directly and can influence downstream processing and labeling.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 23, 2026, 03:51 AM
Issues: 1