skills/rebyteai/rebyte-skills/youtube/Gen Agent Trust Hub

youtube

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs to install youtube-transcript-api, which is the standard, well-known Python library for retrieving YouTube video transcripts.
  • [COMMAND_EXECUTION]: The skill uses curl to interact with the vendor's own API proxy ($API_URL) for YouTube data operations. This is a standard practice for managed agent environments to handle authentication and rate limiting securely.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external data from YouTube (titles, descriptions, and video transcripts). While this represents a potential surface for indirect prompt injection where an attacker could place instructions in video content, the skill does not expose any dangerous downstream capabilities (such as code execution) that could be triggered by this data.
  • Ingestion points: YouTube metadata and transcripts fetched via API and library.
  • Boundary markers: None explicitly defined in the provided snippets.
  • Capability inventory: No dangerous subprocess calls or file system writes based on the external content.
  • Sanitization: Standard LLM processing is used; no explicit technical sanitization scripts are provided.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 05:38 PM
Security Audit — agent-trust-hub — youtube