youtube-own-channel-analyzer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt requires embedding the user's YouTube Data API v3 key directly into request URLs/commands (key={API_KEY}), which forces the LLM to handle and potentially output the secret verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests user-generated YouTube content via the YouTube Data API v3 (see SKILL.md "Fetch Data" and the GET /search and GET /videos endpoints in references/api_reference.md) and then reads/analyzes video titles/descriptions as part of its workflow, so untrusted third‑party content can influence agent decisions.