pp-youtube
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a custom local binary
youtube-pp-clithrough the system shell to perform YouTube data operations. - [EXTERNAL_DOWNLOADS]: The skill provides installation instructions using
npxto download the@mvanhorn/printing-presspackage from the npm registry. As this package belongs to the skill author's scope, it is a vendor-provided resource. - [DATA_EXFILTRATION]: The CLI includes a
--deliver webhook:<url>feature that allows the output of any command to be POSTed to an external URL. While intended for automation, this mechanism could be misused to send sensitive data or context to an attacker-controlled endpoint. - [PROMPT_INJECTION]: The skill retrieves untrusted third-party content, specifically YouTube transcripts via
videos-transcriptand user comments viavideos-comments. This content is placed directly into the agent's context, enabling indirect prompt injection attacks where malicious instructions hidden in transcripts or comments could influence the agent's behavior. - Ingestion points: SKILL.md specifies tools for fetching external transcripts and comment threads.
- Boundary markers: None identified in the prompt instructions to isolate external data.
- Capability inventory: The agent can execute shell commands, write to local files, and make network POST requests via the webhook delivery feature.
- Sanitization: No evidence of sanitization or filtering of the external YouTube content before it is processed by the agent.
Audit Metadata