youtube-transcript

Fail

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use sudo apt install -y yt-dlp in SKILL.md, which is an attempt to acquire elevated privileges on the host system.
  • [DATA_EXFILTRATION]: In references/error-handling.md, the skill recommends using the --no-check-certificate flag. This disables SSL/TLS certificate verification, exposing the agent to Man-in-the-Middle (MitM) attacks and potentially compromising data integrity or leading to credential exposure in other contexts.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to YouTube to fetch video metadata and subtitle files. It also initiates package installations via Homebrew, apt, and pip.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes untrusted external content (YouTube transcripts).
      • Ingestion points: Video transcripts are downloaded from YouTube and saved locally as .vtt then converted to .txt files.
      • Boundary markers: Absent; the skill does not wrap the processed transcript in delimiters or instruct the agent to ignore instructions within the text.
      • Capability inventory: The skill executes subprocesses for yt-dlp and runs a local Python script (scripts/vtt-to-txt.py).
      • Sanitization: The scripts/vtt-to-txt.py file performs basic regex cleaning to remove VTT tags and HTML-like sequences, but it does not sanitize the text content against prompt injection instructions that may be interpreted by the LLM when the user reviews the file.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 14, 2026, 02:32 AM
Security Audit — agent-trust-hub — youtube-transcript