kb-yt-channel

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/ingest-channel.py executes system commands via subprocess.run to interact with yt-dlp and the kb CLI tool.
  • Evidence: Found in scripts/ingest-channel.py within functions run, resolve_videos, and run_ingest.
  • Context: The script correctly uses list-based arguments for subprocess.run, preventing shell injection. It also validates the topic-slug input using a strict regular expression to prevent path traversal or command manipulation.
  • [EXTERNAL_DOWNLOADS]: The skill uses yt-dlp to fetch metadata and video information from YouTube.
  • Evidence: The resolve_videos function in scripts/ingest-channel.py invokes yt-dlp on user-provided channel URLs.
  • Context: This behavior is the intended primary purpose of the skill and targets a well-known service (YouTube).
  • [PROMPT_INJECTION]: The skill processes untrusted external data (YouTube transcripts) which represents an indirect prompt injection surface.
  • Ingestion points: scripts/ingest-channel.py fetches transcripts by calling kb ingest youtube for each resolved video.
  • Boundary markers: The script does not implement explicit delimiters for the ingested content, relying on the kb tool's internal handling of transcripts.
  • Capability inventory: The skill has the capability to write to the local vault and execute CLI tools.
  • Sanitization: Input validation on slugs ensures data is stored in the correct directory structure, but the content of the transcripts is processed as-is.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 07:34 PM
Security Audit — agent-trust-hub — kb-yt-channel