I don't understand, how does this leak a private video title¹ when you need to post a comment on the video you want to leak? Aren't you on the video page at that point?
And the creator needs to click the link inside of a comment section or summary thereof. I disagree with Google saying that phishing vectors are irrelevant for security (it's basically the top vector and Google knows that), but it's hard to disagree with the technical classification as such
¹ but not contents or other info (like the ID) that lets you access the contents, as the title suggests by saying "leaking private videos". The PoC asks the LLM to insert the title in a URL with a third-party domain. I presume the bot doesn't know the page URL, otherwise the author would have used/added that as it's much more impactful
The scenario described in the OP does not involve commenting on a private video. It involves commenting on any public video, then the uploader clicks on a suggested prompt in YouTube Studio which supposedly processes the comment and creates a URL with the title of a different video.