kb-yt-channel
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/ingest-channel.pyexecutes system commands viasubprocess.runto interact withyt-dlpand thekbCLI tool. - Evidence: Found in
scripts/ingest-channel.pywithin functionsrun,resolve_videos, andrun_ingest. - Context: The script correctly uses list-based arguments for
subprocess.run, preventing shell injection. It also validates thetopic-sluginput using a strict regular expression to prevent path traversal or command manipulation. - [EXTERNAL_DOWNLOADS]: The skill uses
yt-dlpto fetch metadata and video information from YouTube. - Evidence: The
resolve_videosfunction inscripts/ingest-channel.pyinvokesyt-dlpon user-provided channel URLs. - Context: This behavior is the intended primary purpose of the skill and targets a well-known service (YouTube).
- [PROMPT_INJECTION]: The skill processes untrusted external data (YouTube transcripts) which represents an indirect prompt injection surface.
- Ingestion points:
scripts/ingest-channel.pyfetches transcripts by callingkb ingest youtubefor each resolved video. - Boundary markers: The script does not implement explicit delimiters for the ingested content, relying on the
kbtool's internal handling of transcripts. - Capability inventory: The skill has the capability to write to the local vault and execute CLI tools.
- Sanitization: Input validation on slugs ensures data is stored in the correct directory structure, but the content of the transcripts is processed as-is.
Audit Metadata