youtube-ingestion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches transcripts from public YouTube (see SKILL.md "Fetch transcript" step and scripts/fetch_transcript.py which uses youtube-transcript-api), so the agent ingests untrusted, user-generated transcript content that it reads and summarizes and could be influenced by embedded instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill fetches transcripts at runtime from user-provided YouTube URLs (e.g., https://youtube.com/watch or https://youtu.be/) via the youtube-transcript-api and injects that external text into the notes/model context, so external content can directly influence agent prompts and outputs.