youtube-transcript

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from YouTube transcripts.
      • Ingestion points: Video transcript text is extracted from the DOM via scripts/extract-transcript-segments.py.
      • Boundary markers: The instructions in SKILL.md do not define clear delimiters or use explicit guardrails to prevent the agent from following instructions embedded within the transcript text.
      • Capability inventory: The skill utilizes a bash tool to execute local Python scripts and reads/writes to a local memory file in {working-directory}/browser-act-skill-forge-memories/.
      • Sanitization: There is no evidence of filtering or sanitization of the extracted transcript text before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill uses eval within the documentation to describe how to run local scripts (e.g., eval "$(python scripts/get-languages.py)"). While eval can be dangerous, here it is used to execute trusted, static local files provided with the skill to generate browser automation code.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Jun 13, 2026, 04:39 AM