full-video-workflow-skill

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands to create a structured project directory in the user's home folder (mkdir -p ~/YT/Ideas/). This is a legitimate functional requirement for a project management tool.
  • [PROMPT_INJECTION]: The skill processes untrusted external data by extracting transcripts from YouTube videos. This presents an indirect prompt injection surface where malicious instructions embedded in a video transcript could attempt to influence the agent's behavior during analysis. However, the skill includes a mandatory 'VERIFICATION CHECKPOINT' requiring user confirmation of extracted claims before proceeding, which serves as a significant mitigation.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with the external vidIQ service and YouTube. These are well-known, legitimate services related to the skill's primary purpose of video production and SEO optimization.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 07:07 AM
Security Audit — agent-trust-hub — full-video-workflow-skill