yt-dlp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill invokes yt-dlp to download and extract data from arbitrary public URLs (SKILL.md triggers on requests like "download this video"), and the included README documents features that ingest untrusted user-generated content—e.g., metadata/description used in output templates (-o), --exec commands, --write-comments, --dump-pages, and SponsorBlock API calls—so webpage/comments/subtitles can be read and can materially influence tool behavior and follow-up actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The README explicitly references and allows fetching/executing external JavaScript components from the yt-dlp-ejs GitHub (https://github.com/yt-dlp/ejs) at runtime via --remote-components or when yt-dlp-ejs is required for YouTube cipher deciphering, so remote content from that URL can be fetched and executed and is a required dependency for some YouTube downloads.