youtube-transcript
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from YouTube transcripts.
- Ingestion points: Video transcript text is extracted from the DOM via
scripts/extract-transcript-segments.py. - Boundary markers: The instructions in
SKILL.mddo not define clear delimiters or use explicit guardrails to prevent the agent from following instructions embedded within the transcript text. - Capability inventory: The skill utilizes a
bashtool to execute local Python scripts and reads/writes to a local memory file in{working-directory}/browser-act-skill-forge-memories/. - Sanitization: There is no evidence of filtering or sanitization of the extracted transcript text before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill uses
evalwithin the documentation to describe how to run local scripts (e.g.,eval "$(python scripts/get-languages.py)"). Whileevalcan be dangerous, here it is used to execute trusted, static local files provided with the skill to generate browser automation code.
Audit Metadata