youtube-render-pdf

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires fetching and downloading content from public YouTube videos (metadata, thumbnail/cover image, subtitles, full video, and extracted frames) and instructs the agent to inspect and interpret those untrusted, user-generated sources (see "Source Acquisition", subtitle selection, and "view image" / frame inspection rules), which the agent must read and act on as part of its workflow — enabling indirect prompt injection.