pp-youtube

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a custom local binary youtube-pp-cli through the system shell to perform YouTube data operations.
  • [EXTERNAL_DOWNLOADS]: The skill provides installation instructions using npx to download the @mvanhorn/printing-press package from the npm registry. As this package belongs to the skill author's scope, it is a vendor-provided resource.
  • [DATA_EXFILTRATION]: The CLI includes a --deliver webhook:<url> feature that allows the output of any command to be POSTed to an external URL. While intended for automation, this mechanism could be misused to send sensitive data or context to an attacker-controlled endpoint.
  • [PROMPT_INJECTION]: The skill retrieves untrusted third-party content, specifically YouTube transcripts via videos-transcript and user comments via videos-comments. This content is placed directly into the agent's context, enabling indirect prompt injection attacks where malicious instructions hidden in transcripts or comments could influence the agent's behavior.
    • Ingestion points: SKILL.md specifies tools for fetching external transcripts and comment threads.
    • Boundary markers: None identified in the prompt instructions to isolate external data.
    • Capability inventory: The agent can execute shell commands, write to local files, and make network POST requests via the webhook delivery feature.
    • Sanitization: No evidence of sanitization or filtering of the external YouTube content before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 19, 2026, 12:34 AM