youtube-summarizer

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill manages the installation of the 'youtube-transcript-api' Python package via pip to enable its transcript extraction functionality.
  • [COMMAND_EXECUTION]: The skill executes shell commands for environment validation, URL parsing using grep and sed, and invokes Python scripts for data processing.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted YouTube transcript data and passes it to the AI for summarization without sanitization.
      • Ingestion points: YouTube transcripts retrieved in SKILL.md and scripts/extract-transcript.py.
      • Boundary markers: The summarization instructions in SKILL.md lack explicit delimiters to separate transcript content from agent instructions.
      • Capability inventory: The skill can execute shell commands, install packages, and write to the local file system.
      • Sanitization: No sanitization or filtering of the external transcript content is performed before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 03:42 AM