This is a case of lethal trifecta. This particular one can be fixed by either not giving the AI private data, or by removing the exfiltration opportunity. Why does the comment-summary bot need access to your private video ids? Why does it need to be able to output links?
Most cases of prompt injection are harder to fix, and the success of the products they occur in relies on engineers who should know better sticking their heads in the sand about security risks.