Skills
skills/magic-meal-kits/mmk-skills/mmk-youtube-transcript/Gen Agent Trust Hub

mmk-youtube-transcript

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill is used to retrieve YouTube transcripts via the vendor's 'mmk' CLI tool. No evidence of credential theft, malicious downloads, or persistence mechanisms was found.
  • [COMMAND_EXECUTION]: The skill invokes the 'mmk' tool via Bash. The execution environment is appropriately scoped to this specific toolset using the allowed-tools frontmatter configuration.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it processes untrusted transcript data from YouTube. Ingestion points: command output from mmk youtube transcript (SKILL.md). Boundary markers: Absent. Capability inventory: Bash command execution via the mmk tool (SKILL.md). Sanitization: Not explicitly defined in the instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 21, 2026, 04:43 PM