youtube-captions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly downloads and ingests captions/transcripts from arbitrary public YouTube URLs (see SKILL.md usage and scripts/get-captions.sh which uses yt-dlp and Whisper to fetch subtitles/audio), so untrusted, user-generated third‑party content from the open web is read and can influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill downloads captions/transcripts from a user-supplied YouTube URL at runtime (e.g., https://www.youtube.com/watch?v=dQw4w9WgXcQ), and those fetched transcripts are injected into the agent context and can therefore directly control prompts.