youtube

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests transcripts/subtitles from arbitrary public YouTube URLs using yt-dlp (see SKILL.md commands like yt-dlp --write-sub/--write-auto-sub and the "When the user provides a YouTube URL" workflow), so it reads untrusted, user-generated third‑party content that could contain instructions influencing subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill runs package-install commands at runtime (e.g., "pip3 install yt-dlp" and "pip3 install openai-whisper") which will fetch and execute remote code from PyPI (https://pypi.org), so the implicit PyPI URL is a runtime external dependency that executes remote code.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). This skill explicitly instructs installing system packages (including a sudo apt install command), installing large third-party software (whisper) and downloading/removing files on the host, which requires privileged/system changes and thus can modify/compromise the machine state.