youtube-content

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE · PROMPT_INJECTION · EXTERNAL_DOWNLOADS · COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It fetches external content (YouTube transcripts) and provides it to the agent for analysis without explicit instructions to ignore embedded commands or boundary markers to isolate the untrusted content.
      • Ingestion points: scripts/fetch_youtube.py fetches the transcript and metadata from external YouTube URLs.
      • Boundary markers: Absent. The instructions in SKILL.md and references/analysis-modes.md do not specify delimiters (like XML tags or triple backticks) or provide warnings to ignore instructions within the transcript.
      • Capability inventory: The skill can execute local scripts via uv run and write files to the local file system (specifically ~/.claude/knowledge/youtube/ via scripts/save_analysis.py).
      • Sanitization: No sanitization or filtering of the transcript text is performed before processing.
  • [EXTERNAL_DOWNLOADS]: The skill depends on external Python packages youtube-transcript-api and yt-dlp to fetch content from YouTube. While these are well-known and standard tools for this purpose, they involve network communication with external servers.
  • [COMMAND_EXECUTION]: The workflow relies on executing local Python scripts using the uv run command. This is used for fetching data, saving results to the knowledge base, and searching existing records. While these scripts are part of the skill, the pattern of executing shell commands is a necessary part of its functionality.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 22, 2026, 10:35 AM