watch

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to AskUserQuestion for API keys and then write them into ~/.config/watch/.env, meaning the agent will receive and handle user secrets (and may embed them verbatim into commands/files), creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly downloads arbitrary public videos via yt-dlp (see scripts/download.py and SKILL.md/README which list YouTube, TikTok, Vimeo, etc.) and the required workflow (scripts/watch.py and commands/watch.md) has the agent Read and act on the extracted frames and transcripts, meaning untrusted, user-generated third‑party content is ingested and can materially influence agent behavior.