youtube-digest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch YouTube transcripts/metadata via Supadata and to web_fetch external links in video descriptions (user-generated public content) and then parse those transcripts/descriptions to extract prompts, workflows, and actionable "If X then Y" mappings that drive saving, repurposing, and other tool actions, exposing the agent to untrusted third‑party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill mandatorily calls Supadata API endpoints at runtime (e.g., https://api.supadata.ai/v1/youtube/transcript and https://api.supadata.ai/v1/youtube/video) and explicitly instructs fetching arbitrary external links from video descriptions via web_fetch to extract copy‑pasteable prompts, templates, and code snippets that are injected into the agent context, meaning remote content can directly control prompts or supply executable code.