youtube-transcript
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). This skill downloads and processes transcripts/subtitles and audio directly from public YouTube URLs using yt-dlp (e.g., via --list-subs, --write-sub, --write-auto-sub and audio downloads), thereby ingesting untrusted, user-generated content from YouTube.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill explicitly instructs installing system packages (including a sudo apt install command) and running package installers and file-modifying commands (downloads, rm). These require elevated privileges and change the machine state, so the skill encourages actions that can modify the host system, even though it does not create users or alter system configs like ssh/systemd.