Skills
skills/magic-meal-kits/mmk-skills/mmk-youtube-metadata/Gen Agent Trust Hub

mmk-youtube-metadata

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill defines a specific interface for retrieving YouTube metadata using the mmk utility, which is a verified resource of the vendor magic-meal-kits.
  • [SAFE]: Access is appropriately restricted via the allowed-tools configuration in the YAML frontmatter to only the mmk command set, preventing unauthorized command execution.
  • [SAFE]: No evidence of prompt injection, data exfiltration, obfuscation, or unauthorized remote code execution was found.
  • [SAFE]: The ingestion of YouTube metadata (titles, descriptions) constitutes an indirect prompt injection surface; however, this is assessed as safe given the restricted tool capability set and lack of instructions to interpolate this data into unsafe contexts. Ingestion point: YouTube API (via mmk); Boundary markers: None; Capability inventory: mmk CLI; Sanitization: Not specified.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 26, 2026, 06:02 AM