Skills
skills/ariadoss/superskills/youtube/Gen Agent Trust Hub

youtube

Warn

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes sudo apt install for dependency management on Linux systems, which involves elevated system privileges.
  • [COMMAND_EXECUTION]: Shell commands and Python scripts are constructed using variable interpolation of external data (e.g., $VTT_FILE and $VIDEO_TITLE). While partial sanitization and quoting are applied, this pattern remains sensitive to specifically crafted filenames or video metadata.
  • [EXTERNAL_DOWNLOADS]: The skill fetches and installs yt-dlp and openai-whisper from public package registries.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes untrusted YouTube transcripts. Ingestion points: Content is retrieved via yt-dlp. Boundary markers: Absent; transcript text is processed without specific delimiters. Capability inventory: Access to Bash, Read, and Write tools. Sanitization: Basic HTML cleaning and deduplication are performed during post-processing.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 28, 2026, 05:50 AM