keyapi-youtube-video-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls the KeyAPI MCP YouTube server (https://mcp.keyapi.ai/youtube/mcp) to fetch YouTube data including user-generated comments, nested replies, related recommendations and search results (see SKILL.md endpoints like get_video_comments/get_video_sub_comments and scripts/run.js callTool logic), and it ingests and synthesizes those third-party comments into analysis, so untrusted web content can influence agent decisions.