youtube

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill uses the YouTube Data API via the yutu CLI to fetch and list public, user-generated content (e.g., comments, comment threads, search results, channel/videos) as shown in SKILL.md and references/workflows.md (e.g., "yutu commentThread list", "yutu comment list", "yutu search list", "yutu channel list"), and that content is read and used to drive actions like deleting, replying, or other management—exposing the agent to untrusted third-party input that could carry indirect prompt-injection.