ingest-youtube

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the yt-dlp CLI tool to fetch video metadata and subtitles. It specifically uses the -- argument separator when passing user-provided URLs to the command line, which is a recognized best practice to prevent command/argument injection attacks.
  • [EXTERNAL_DOWNLOADS]: The skill depends on yt-dlp, a well-known and widely used open-source tool. The instructions direct users to install it via official package managers like Homebrew or pip.
  • [PROMPT_INJECTION]:
  • Ingestion points: The skill ingests untrusted content in the form of YouTube video transcripts and metadata (titles, channel names) via yt-dlp.
  • Boundary markers: No specific delimiters are mentioned for the imported transcript body within the resulting markdown files.
  • Capability inventory: The skill possesses the capability to write to the local file system (creating markdown notes) and execute subprocesses (yt-dlp).
  • Sanitization: The skill performs sanitization by 'slugifying' channel names and titles before using them in file paths, and it cleans VTT markers from transcripts to produce prose.
  • [DATA_EXFILTRATION]: No sensitive local data is accessed. Network activity is confined to interacting with YouTube via the yt-dlp utility to retrieve publicly available video information.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 12:16 PM
Security Audit — agent-trust-hub — ingest-youtube