watch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and processes content from arbitrary public video URLs (YouTube, TikTok, Loom, any URL yt-dlp supports) — see SKILL.md and watch.py functions like fetch_subs_only, _download_url and run_with_frames — and instructs the agent to read/interpret transcripts and frame image paths as part of its workflow, so untrusted, user-generated third-party content could materially influence decisions and tool use.