Indirect Prompt Injection via YouTube Transcripts
mediumnewsLLM-Specific
securitysafety
Source: Embrace The RedMay 14, 2023
Summary
ChatGPT can access YouTube transcripts through plugins, which is useful but creates a security risk called indirect prompt injection (hidden instructions embedded in content that an AI reads and then follows). Attackers can hide malicious commands in video transcripts, and when ChatGPT reads those transcripts to answer user questions, it may follow the hidden instructions instead of the user's intended request.
Classification
Attack Type
Prompt Injection
Attack SophisticationTrivial
Impact (CIA+S)
integritysafety
Affected Vendors
OpenAI
Related Issues
Original source: https://embracethered.com/blog/posts/2023/chatgpt-plugin-youtube-indirect-prompt-injection/
First tracked: February 12, 2026 at 02:20 PM
Classified by LLM (prompt v3) · confidence: 92%