youtube-transcript
Warn
Audited by Snyk on Jun 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). The required runtime workflow uses yt-dlp to fetch YouTube subtitle/VTT content from a user-supplied VIDEO_URL, and that fetched caption text (authored by third parties/YouTube uploaders) is then converted to plain text and fed into the agent for summarization, an outsider-authored free-text injection surface.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.70). The prompt explicitly instructs installing software with privileged commands (e.g., "sudo apt install yt-dlp", pip/brew installs and downloading audio), which modify system state and require elevated privileges, so it poses a risk to the host machine.
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W013
MEDIUM Attempt to modify system services in skill instructions.
Audit Metadata