full-video-workflow-skill
Warn
Audited by Snyk on Jun 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.95). Outsider-authored free text is ingested when the skill uses Playwright to fetch each user-provided competitor YouTube URL and extracts the “Show transcript” text (Step 2), which is third-party transcript content placed into the agent’s LLM context for analysis (Step 3) and later claim verification (Step 6).
MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).
- Hidden Unicode characters detected (1 type(s) found)
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W021
MEDIUMHidden or invisible Unicode characters detected (potential obfuscation or prompt injection).
Audit Metadata