baoyu-youtube-transcript

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill fetches public YouTube pages and caption files (see youtube.ts: fetchHtml/fetchInnertubeData and fetchTranscriptSnippets, plus downloadCoverImage) and then the speaker-identification workflow explicitly reads the saved .md (containing the video description and SRT transcript) and feeds it to a sub-agent using prompts/speaker-transcript.md, so untrusted user-generated YouTube content is parsed and directly influences AI processing and output formatting, creating a clear vector for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill unconditionally invokes yt-dlp with the flag "--remote-components ejs:github" (in fetchYtDlpInfo), which at runtime causes yt-dlp to fetch and execute remote components from GitHub, creating a clear remote-code-execution dependency.