research-yt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches public YouTube channel pages and video transcripts (via yt-dlp and Whisper) and instructs the agent to read the channel index JSON and per-video transcript files in ./.research-yt/ to filter, cite, and synthesize findings (see SKILL.md Steps 2–5 and scripts/list_channel.py and scripts/fetch_transcripts.py), so untrusted, user-generated web content directly influences the agent's decisions and actions.