I was browsing the NahamSec YouTube channel when I noticed some members-only videos. Usually, you need to be a paid member of a channel to access them, but as a bug hunter, I tried to access them without paying. One approach that came to mind was using Gemini. Since Gemini is another Google product, I thought it might have deeper access to YouTube videos.

I tested this using Google AI Studio.

My first prompt was:

Print all details and subtitles separately like
[Visual]
[Subtitle]
Print each [Visual] and [Subtitle] alongside by timestamp.
https://www.youtube.com/watch?v=D1QdCusWu8M

The output was not accurate.

At that time, Gemini was on version 2.0. A week later, version 2.5 was released with a new feature: a dedicated YouTube tool that allows you to attach video links directly.

I tried again. Gemini 2.5 treated the links differently, and the output was exactly what I expected. It printed the subtitles and described the video frame by frame.

Since the video was about developing a Caido plugin, I tried to fetch the code from a specific time using this prompt:

print javascript code at 0m52s693ms - 0m56s333ms

The result was:

> var script = document.createElement('script');
  script.src = 'https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/aes.js';
  script.addEventListener('load', function() {
      window.getCookie = function(name) {
          var match = document.cookie.match(new RegExp('(^| )' + name + '=([^;]+)'));
          if (match) return match[2];

I reported this bug to the Google Bug Bounty program and was awarded $1,337.

Original report: