youtube-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires running hosted collections that fetch public YouTube content (e.g., "audience comments collection" using collection key youtube-comments with example startUrls in SKILL.md), which ingests untrusted, user-generated third‑party content (comments/videos) that the agent is expected to read and use to drive analysis, creating a clear opportunity for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill makes runtime requests to the PostPlus hosted APIs (e.g. https://<POSTPLUS_API_BASE_URL>/api/postplus-cli/hosted/collection and /api/postplus-cli/hosted/capability), and those API responses can include quoteConfirmation/agentAction fields (confirmationCommand and retry templates) which directly shape agent prompts/instructions and the skill requires the hosted bridge, so this is a runtime external dependency that controls agent behavior.