youtube-transcript

Warn

Audited by Snyk on Feb 26, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches public, user-generated YouTube transcripts (via youtube_transcript_api in scripts/fetch_transcript.py and oEmbed requests in get_video_title) and SKILL.md instructs summarizing the returned full_text, so untrusted third-party content from YouTube is read and can materially influence agent behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill instructs configuring and bringing up a WireGuard VPN and using residential proxies to bypass YouTube IP blocks, which typically requires elevated privileges and changes network/system configuration, so it encourages state-changing operations on the host.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 26, 2026, 03:29 PM