youtube-content-creator
Warn
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill generates a Node.js script at runtime and executes it using the
node -ecommand to create a PDF document. The logic and data within this script are derived from theconcepts.mdandscript-outline.mdfiles. This creates a potential surface for code injection if the data processed by the agent is not correctly sanitized before being embedded into the script.\n- [COMMAND_EXECUTION]: The skill uses shell commands to manage environment dependencies and perform file processing tasks. This includes usingnpm installto dynamically acquire libraries and using thenodebinary to execute generated script content.\n- [EXTERNAL_DOWNLOADS]: During the PDF generation phase, the skill attempts to install thesharpandpdfkitpackages from the NPM registry. While these are well-known and standard libraries for image and PDF processing, the practice of downloading and installing dependencies at runtime is a noteworthy security pattern.
Audit Metadata