youtube-content
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted transcript data fetched from YouTube. An attacker who controls a video's transcript could embed instructions to manipulate the agent's behavior during the summarization or transformation steps.
- Ingestion points: External data is ingested via scripts/fetch_transcript.py.
- Boundary markers: The workflow does not specify the use of delimiters (e.g., XML tags or triple backticks) to isolate the untrusted transcript from the agent's instructions.
- Capability inventory: The skill does not possess high-risk capabilities like arbitrary shell execution or file system writing, which limits the potential impact of an injection.
- Sanitization: The transcript text is joined and processed without sanitization or filtering of potential command patterns.
Audit Metadata