youtube-harvester

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill directly fetches and ingests user-generated content from public YouTube videos, playlists, and channels (via youtube-transcript-api and yt-dlp subprocess calls), so the agent will read and process untrusted third-party transcripts and metadata.