keyapi-youtube-video-analysis

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: A comprehensive security audit of the skill's instructions and the tool runner script found no malicious patterns or vulnerabilities.
  • [SAFE]: Authentication is managed securely via the KEYAPI_TOKEN environment variable. The helper script handles initial setup by prompting for the token and persisting it to a local .env file, which is a standard and acceptable practice for local development tools.
  • [SAFE]: Network communication is exclusively directed to the service provider's official domain (mcp.keyapi.ai) using the established Model Context Protocol (MCP) over HTTPS.
  • [SAFE]: The tool runner implements efficient local caching and structured data retrieval, providing the agent with necessary data while maintaining a clean execution environment with no persistence or privilege escalation mechanisms.
  • [SAFE]: While the skill ingests third-party data from YouTube (comments, descriptions), which represents a surface for indirect prompt injection, this is inherent to its core function and is handled through structured JSON processing by the official MCP SDK, presenting a low and acceptable risk profile.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 12:10 PM