youtube-transcript

Fail

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill script suggests using sudo apt update && sudo apt install -y yt-dlp, which attempts to gain administrative privileges to install system packages.
  • [COMMAND_EXECUTION]: Shell commands are constructed using the VIDEO_TITLE variable, which is derived from external YouTube metadata. The sanitization performed using tr is not exhaustive, potentially leaving the system vulnerable to command injection if a title contains specific shell metacharacters.
  • [EXTERNAL_DOWNLOADS]: The skill installs necessary dependencies including yt-dlp and openai-whisper from official package registries.
  • [PROMPT_INJECTION]: The skill processes untrusted data from YouTube transcripts, creating an attack surface for indirect prompt injection.
      • Ingestion points: VTT files downloaded from YouTube (SKILL.md).
      • Boundary markers: Absent; transcript content is processed and saved without delimiters.
      • Capability inventory: Bash execution and file read/write operations (SKILL.md).
      • Sanitization: Basic regex-based removal of VTT tags, but no sanitization for natural language instructions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 14, 2026, 11:44 AM