NYC

youtube-summarize

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 1.00). Both links point to unverified third-party distribution of an executable/installation command (a GitHub release zip from an unknown account and a glot.io snippet that asks you to run an install command), lack signatures/checksums, and instruct running code/binaries from untrusted sources, which are common malware distribution patterns.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill downloads and converts transcripts from public YouTube videos (via yt-dlp/openclawcli using "VIDEO_URL") and then sends those untrusted, user-generated transcripts to an LLM for summarization, exposing the agent to possible indirect prompt injection from arbitrary web content.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 02:44 AM