youtube-influencer-finder-api-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls the BrowserAct workflow API (see scripts/youtube_influencer_finder_api.py and SKILL.md) to scrape and return YouTube search results and creator profile data (user-generated, public third‑party content) which the agent is expected to read and use for influencer identification/outreach, so untrusted page content could influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). At runtime the skill calls https://api.browseract.com/v2/workflow (POST /run-task-by-template with TEMPLATE_ID "85430137964765321"), which triggers execution of a remote workflow/template and is a required external runtime dependency that effectively executes remote code for the agent's results.