li-transcript

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts arbitrary public video URLs (SKILL.md Step 1) and scripts/video2text.py uses yt-dlp to download audio from those third‑party sites and transcribes it, then the agent AI proofreads and uses the transcript to identify authors and decide how/where to archive—so untrusted, user-generated web content is fetched and interpreted as part of the workflow.