Skills
skills/gooseworks-ai/goose-skills/youtube-apify-transcript/Gen Agent Trust Hub

youtube-apify-transcript

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXFILTRATION]: The skill uses the APIFY_API_TOKEN and GOOSEWORKS_API_KEY environment variables to authenticate requests to api.apify.com and api.gooseworks.ai. This is standard and legitimate behavior for integrating with these services.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks common to all tools that process external content. It ingests untrusted data (YouTube transcripts) which could theoretically contain instructions meant to mislead the agent. However, this is an inherent risk of the data source rather than a malicious pattern in the skill's code.
  • Ingestion points: Data enters the system through scripts/fetch_transcript.py via the APIFY API.
  • Boundary markers: Output is returned as raw text or JSON without specific encapsulation or boundary delimiters.
  • Capability inventory: The script performs network operations (requests) and file-system writes (local cache in .cache/).
  • Sanitization: No specific sanitization is performed on the transcript text before it is returned to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 10:47 AM