youtube-transcript

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The required runtime workflow fetches YouTube transcripts from a user-supplied video URL/ID via fetch_transcript.py, and the script ingests the resulting transcript text (outsider-authored content from the video creator) into the LLM context for summarization.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs the agent to check and "bring up" a VPN (WireGuard) as part of its workflow and references system-level WireGuard configuration, which implies modifying network interfaces or system configuration requiring elevated privileges and thus changing the machine's state.