muapi-youtube-shorts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The orchestrator explicitly accepts arbitrary YouTube or hosted mp4 URLs as the --source (SKILL.md inputs and scripts/run-youtube-shorts.sh Stage 1) and then passes the downloaded/hosted video into muapi edit clipping which transcribes and LLM-ranks highlights, so untrusted, user-generated third‑party content is ingested and can materially influence downstream decisions/actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The orchestrator invokes the muapi service at runtime via the muapi CLI to perform transcription, LLM-driven highlight ranking and cropping (see https://muapi.ai/playground/ai-clipping), meaning remote code/prompting is executed by that external endpoint and is a required dependency for the skill.