youtube-apify-transcript
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: No malicious patterns, hardcoded secrets, or persistence mechanisms were detected. The skill's behavior matches its documented purpose.
- [EXTERNAL_DOWNLOADS]: The script scripts/fetch_transcript.py interacts with api.apify.com to retrieve transcript data. This is an expected interaction with a well-known service for the skill's primary functionality.
- [PROMPT_INJECTION]: The skill processes untrusted transcript data from YouTube, which serves as a surface for indirect prompt injection.
- Ingestion points: scripts/fetch_transcript.py fetches content from the Apify API.
- Boundary markers: No delimiters or ignore instructions are used when presenting the transcript to the agent.
- Capability inventory: scripts/fetch_transcript.py performs network requests via the requests library and writes to the local .cache/ directory.
- Sanitization: Transcript content is concatenated and returned without specific filtering or sanitization.
Audit Metadata