youtube-to-bookplayer

Warn

Audited by Snyk on Mar 3, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches metadata and media from arbitrary YouTube URLs (Phase 1 uses yt-dlp --dump-json and Phase 2 downloads the audio). This is untrusted user-generated content that the workflow parses and uses to set TITLE/ARTIST, decide whether to proceed, and control subsequent tagging/pushing actions, so third-party content can influence agent decisions and actions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 3, 2026, 10:04 PM