You don't conceptually understand the attack. The attacker does not need to know the video title, this is an attack to exfiltrate that very title.
That bit you quoted from the article in your first line is included verbatim in the malicious prompt.
When the creator interacts with Ask Studio, Ask Studio cannot / does not differentiate the user prompt from the malicious prompt that is baked into the comment. It treats it as a part of the creator's request, and since of course the creator has access to all the videos on their channel, published or not, it complies with the request, since as far as the LLM is concerned, the user is the creator and they aren't trying to access anything they shouldn't have access to. So Ask Studio constructs a markdown link to an external URL with a querystring parameter, replacing video=BANG with video="Announcing Our New Parternership with Acme Corporation".
If the creator clicks on that link, the attacker who presumably controls the server for external URL will see the query param value in their logs. The link shows up for the creator as an actual link with whatever link text the attacker chose. So an unsuspecting creator might think e.g. that the message comes from YouTube and not think to verify the link is legitimate.