transcript-downloader

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
PROMPT_INJECTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection risk. The skill ingests YouTube transcripts through the mr-transcript library. Since YouTube subtitles are untrusted external data, they may contain malicious instructions. While the current skill primarily saves the transcript to a file, any further processing by the agent (e.g., summarization or question-answering) could lead to the agent following embedded adversarial commands.
      • Ingestion points: scripts/downloader.py fetches data from the YouTube API.
      • Boundary markers: No delimiters or safety instructions are used when saving the transcript content.
      • Capability inventory: File system writing in scripts/downloader.py and command execution in SKILL.md.
      • Sanitization: No sanitization or validation of the transcript content is performed.
  • [REMOTE_CODE_EXECUTION]: Automated update mechanism linked to remote metadata. The skill instructs the agent to run scripts/check_update.py before every task. This script fetches version information and command arguments from a remote GitHub repository. If the remote SKILL.md is compromised, an attacker could manipulate the owner, repo, or name fields to force the agent to execute arbitrary update commands via npx skills update.
  • [EXTERNAL_DOWNLOADS]: Fetches content from external sources. The skill retrieves subtitle data from YouTube and metadata from the author's GitHub repository. These operations are required for the skill's functionality but introduce dependencies on the availability and integrity of these third-party services.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 06:11 AM