youtube-thumbnail-analyzer

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS

Full Analysis
  • [COMMAND_EXECUTION]: The skill generates a local Python script from a provided template and executes it within the environment to handle data retrieval. It also manages environment variables and temporary files for script execution.
  • [EXTERNAL_DOWNLOADS]: The skill installs verified Python packages (google-api-python-client, requests) and downloads thumbnail images directly from Google's official infrastructure (img.youtube.com).
  • [DATA_EXFILTRATION]: The skill handles a YouTube Data API v3 key by requesting it from the user and storing it in local memory or environment variables. No evidence of credential leakage to unauthorized third parties was detected.
  • [PROMPT_INJECTION]: The skill ingests untrusted data in the form of YouTube video titles and channel descriptions. This represents an indirect prompt injection surface where malicious text in a video title could attempt to influence the agent's analysis. However, the script includes regex-based sanitization for file paths, and the risk is mitigated by the constrained nature of the visual analysis task.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 07:56 AM