Skills
skills/magic-meal-kits/mmk-skills/mmk-youtube-videotype/Gen Agent Trust Hub

mmk-youtube-videotype

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface. The skill processes external YouTube identifiers that could potentially lead to indirect prompt injection if the tool's output contains malicious instructions that the agent then follows.
  • Ingestion points: The video_url_or_id parameter passed to the mmk youtube videotype command in SKILL.md allows external data to enter the agent's context.
  • Boundary markers: No specific delimiters or instructions to ignore embedded content are provided for the tool's output.
  • Capability inventory: The skill uses the Bash(mmk *) tool to execute commands.
  • Sanitization: No sanitization or validation of the external content is defined in the skill instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 03:22 PM