youtube-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and ingests untrusted, user-generated content from public YouTube (YouTube Data API commands for search, videos, and commentThreads in SKILL.md, the "Web: WebSearch/WebFetch" tool, and the scripts/fetch_transcript.py that auto-fetches transcripts), and the workflow requires the agent to read and analyze that content to drive recommendations and next actions.