watch-youtube

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests public YouTube video content provided by a URL (see SKILL.md "Pass any YouTube URL..." and watch.py which passes the user-supplied URL as FileData(file_uri=url) to Gemini), so untrusted user-generated video/audio could contain instructions that influence the agent's behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The watch.py script accepts a YouTube URL (e.g., https://www.youtube.com/watch?v=VIDEO_ID) at runtime and passes it as file_uri to Gemini so the fetched video/audio is injected into the model context and directly controls the agent's outputs, making the external URL a required runtime dependency.