youtube-transcript-extractor-api-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and scripts/youtube_transcript_extractor_api.py explicitly take an arbitrary YouTube TargetURL and use the BrowserAct API to extract and return the video's transcript and metadata (including the "transcript" field), meaning the agent will ingest untrusted, user-generated content from public YouTube pages that could contain instructions influencing subsequent actions.