YouTube Automation
Pass
Audited by Gen Agent Trust Hub on Jun 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security vulnerabilities or malicious patterns were identified in the skill instructions or metadata. All functionality is consistent with the stated goal of YouTube channel automation.
- [DATA_EXFILTRATION]: No unauthorized data collection or exfiltration attempts were found. The skill interacts exclusively with the provided YouTube MCP server tools.
- [PROMPT_INJECTION]: The skill does not contain instructions that attempt to bypass AI safety filters or override system-level commands.
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits an inherent attack surface by processing external data from YouTube comments and user-provided metadata templates. Ingestion points: untrusted data enters via the youtube_comments tool and metadata variables (SKILL.md). Boundary markers: no specific delimiters or ignore-instructions are used for external strings. Capability inventory: includes youtube_upload and youtube_update write capabilities (SKILL.md). Sanitization: no evidence of filtering or validation of external content. This is noted as a standard risk factor for automation tools and not an active vulnerability.
Audit Metadata