
Summary
This rule identifies messages containing links that redirect through Meta to YouTube, a potential open redirect chain. Redirects of this kind can be exploited for credential phishing, where users are sent on to malicious sites that impersonate legitimate ones. The detection logic applies to inbound messages and requires that a matching link use the Meta redirect service domain (l.work.meta.com) and have a specific query parameter structure. It combines sender and URL analysis to catch suspicious patterns in the links. The rule is relevant for organizations looking to mitigate phishing that leverages popular platforms such as YouTube to put users at risk.
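The link check described above, sketched in Python as an added example; it is not the rule's own source. It covers only the URL part (not the inbound or sender conditions) and, because the summary does not name the query parameter, inspects every parameter value for an embedded YouTube URL. The paths and the `next` parameter in the sample links are constructed placeholders.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

REDIRECTOR = "l.work.meta.com"  # redirect service domain named in the summary
TARGET = "youtube.com"          # destination platform named in the summary
MAX_LAYERS = 3                  # assumption: cap on nested percent-encoding

def host_is(url, domain):
    """True if url's host is domain or a subdomain of it (not a look-alike)."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:          # malformed authority, e.g. unbalanced brackets
        return False
    return host == domain or host.endswith("." + domain)

def embedded_urls(value):
    """Yield each decoding layer of a query value that looks like an http(s) URL."""
    for _ in range(MAX_LAYERS):
        if value.lower().startswith(("http://", "https://")):
            yield value
        decoded = unquote(value)
        if decoded == value:    # nothing left to decode
            return
        value = decoded

def meta_to_youtube(link):
    """Return the YouTube URL carried by a Meta redirect link, or None."""
    if not host_is(link, REDIRECTOR):
        return None
    # parse_qsl already removes one layer of percent-encoding from each value.
    for _name, value in parse_qsl(urlsplit(link).query):
        for candidate in embedded_urls(value):
            if host_is(candidate, TARGET):
                return candidate
    return None

# Constructed sample links; paths and the "next" parameter are placeholders.
SAMPLE_LINKS = [
    "https://l.work.meta.com/placeholder?next=https%3A%2F%2Fwww.youtube.com%2Fplaceholder",
    "https://l.work.meta.com/placeholder?next=https%253A%252F%252Fwww.youtube.com%252Fplaceholder",
    "https://l.work.meta.com/placeholder?next=https%3A%2F%2Fyoutube.com.example.test%2F",
    "https://l.work.meta.com.example.test/?next=https%3A%2F%2Fwww.youtube.com%2F",
    "https://www.youtube.com/placeholder",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(meta_to_youtube(link), "<-", link)
```

The first two samples match (single and double percent-encoding); the look-alike hosts and the direct YouTube link do not.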
Categories
- Web
- Application
- Identity Management
Data Sources
- Web Credential
- Network Traffic
Created: 2025-01-15