watch-youtube

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests arbitrary public YouTube videos provided by the user (see SKILL.md "Pass any YouTube URL" and watch.py which passes the URL into types.FileData(file_uri=url)), so the agent will read and analyze untrusted, user-generated third‑party content.