youtube-transcript

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md Steps 2–4) uses yt-dlp to fetch subtitles from arbitrary YouTube URLs and converts those .vtt captions into plain text, meaning the agent ingests untrusted, user-generated third-party content (YouTube transcripts) that it will read/interpret and which could contain instructions influencing subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill instructs installing system packages using "sudo apt install -y yt-dlp" (and other install commands), which asks the agent to perform privileged system changes and thus can modify the machine's state.