video-transcript-downloader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill (scripts/vtd.js and SKILL.md) directly fetches and reads transcripts/subtitles from arbitrary public URLs—YouTube via youtube-transcript-plus and any yt-dlp‑supported site via yt-dlp—producing and outputting untrusted, user-generated content as part of its normal workflow, so those third‑party transcripts could contain instructions that indirectly influence agent behavior.