youtube

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: HIGH

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill fetches video/channel data and analytics from YouTube (public, user-generated content) — for example the "get_details" action and API responses returning video metadata — so the agent will ingest untrusted third-party content that could carry indirect prompt injection.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I flagged the string "skpi-jdgmfvnvnx0fxm3npchfuqwg" because it is a high-entropy, literal value that resembles an API/service key (prefix "skpi-" plus a long random-looking suffix) and is directly present in a runnable command. This matches the definition of a secret (actual API key) and is not a generic placeholder like "YOUR_API_KEY" or "sk-xxxx".

Other values in the document were ignored:

  • The workflow URL/IDs (e.g., "c-i7p2l6i0ceoa8urcbtk06rbi", "we-xxx") are identifiers for navigation/status and not credentials.
  • The YouTube video id "dQw4w9WgXcQ" is a public content identifier, not a secret.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:39 AM