youtube-watcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill directly fetches transcripts from public YouTube videos (see SKILL.md "Get Transcript" example and scripts/get_transcript.py which invokes yt-dlp on arbitrary YouTube URLs), causing the agent to read untrusted, user-generated content that can materially influence summarization/QA and enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls yt-dlp at runtime to fetch subtitles from user-supplied YouTube URLs (e.g., https://www.youtube.com/watch?v=VIDEO_ID or https://www.youtube.com/watch?v=dQw4w9WgXcQ), and the retrieved transcript text is injected into the agent's processing flow to drive summaries/answers, so external content can directly control prompts.