ytmusic-hub

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill uses ytmusicapi to fetch and search public YouTube Music content from music.youtube.com (see SKILL.md and scripts like recommend_from_likes.py, recommend_from_seed_*.py, search_and_add.py and get_playlist/get_home calls), which are untrusted/user-generated and are read and interpreted to choose and add tracks and build queries—allowing third-party content to materially influence tool actions.