Skills
skills/magic-meal-kits/mmk-skills/mmk-youtube-channel-summary/Gen Agent Trust Hub

mmk-youtube-channel-summary

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external sources.
  • Ingestion points: The workflow fetches XML data from YouTube RSS feeds and retrieves full video transcripts using the mmk youtube transcript tool (SKILL.md).
  • Boundary markers: There are no defined delimiters or specific instructions provided to the agent to ignore potentially malicious instructions embedded within the fetched transcripts during the summarization phase.
  • Capability inventory: The skill possesses the ability to perform network operations via curl and write data to an external service using mmk notion database upsert (SKILL.md).
  • Sanitization: The instructions do not include steps to sanitize or validate the content of the transcripts before they are processed by the AI or written to the Notion database.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to fetch external data.
  • Evidence: Uses curl to download RSS feed content from https://www.youtube.com/feeds/videos.xml (SKILL.md).
  • Context: This operation targets a well-known service (YouTube) for legitimate content retrieval.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 26, 2026, 06:02 AM