baoyu-youtube-transcript

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and parses open web, user-generated YouTube content (transcript payloads via fetchTranscriptSnippets and watch-page HTML via fetchInnertubeSource in scripts/youtube.ts, plus thumbnails/descriptions) and the required --speakers workflow (SKILL.md and prompts/speaker-transcript.md) explicitly has a spawned sub-agent read the saved .md (raw transcript and description) and act on that content to identify speakers and overwrite outputs, so arbitrary third‑party text can directly influence agent decisions and actions.