video-ingest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly accepts public video URLs (e.g., "YouTube or video URL") and the pipeline downloads (yt-dlp), transcribes (mlx-whisper), and summarizes those external videos, so the agent ingests untrusted, user-generated web content that can influence downstream summaries and actions.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). I scanned the entire skill prompt for literal, high-entropy credentials. Most items are documentation placeholders (e.g., "URL_HERE"), environment names, ports, local file paths, and simple example strings — all of which I ignored per the rules (low entropy / documentation placeholders).

However, the raw curl example includes a long hex-like token in the path: http://localhost:8288/e/37aa349b89692d657d276a40e0e47a15

That value is high-entropy and appears to be an endpoint identifier/secret that could be used to trigger the Inngest pipeline. Even though it targets localhost (and might be an example), it is a direct, usable literal token rather than a placeholder. Per the definition requirement to flag high-entropy, literal values that provide access, this should be treated as a secret and redacted or rotated if it is valid.

No other high-entropy API keys, private keys, or passwords were found. Simple example strings like "URL_HERE", "XXXX", "YYYY", and "ZZZZ" are ignored as placeholders.