youtube-search

Fail

Audited by Gen Agent Trust Hub on May 27, 2026

Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The script yt-search.sh is vulnerable to command injection via user-supplied parameters. The --count and --months flags are used in bash arithmetic expansion (( )) without sanitization. For example, providing a count value like 1; id would cause the shell to execute the id command during variable calculation.
  • [REMOTE_CODE_EXECUTION]: The script processes external data fetched from YouTube (view counts, subscriber counts) in shell contexts that perform evaluation. Specifically, the format_number function uses arithmetic expansion (( )) and the engagement ratio calculation uses echo with expanded variables inside a subshell. If an attacker-controlled YouTube video or channel metadata contains shell payloads in numeric fields, these payloads will be executed on the host system.
  • [PROMPT_INJECTION]: The skill ingests and displays untrusted content (video titles and channel names) from an external source (YouTube), which serves as an indirect prompt injection surface. Maliciously crafted metadata could be used to influence the agent's behavior.
      • Ingestion points: YouTube metadata fetched via yt-dlp in scripts/yt-search.sh.
      • Boundary markers: None. External content is printed directly into the agent's context.
      • Capability inventory: The script performs subprocess calls to yt-dlp, jq, bc, and date.
      • Sanitization: None. Extracted values are used directly in shell logic without validation or escaping.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 27, 2026, 09:30 AM