transcript-intelligence

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it is designed to ingest and process untrusted transcript data from various social media platforms.
  • Ingestion points: Social media transcripts from TikTok, Instagram, YouTube, Facebook, X/Twitter, LinkedIn, Rumble, and Reddit as defined in the 'Transcript Sources' section.
  • Boundary markers: Absent; there are no instructions provided to the agent to delimit transcript content or to ignore potential instructions embedded within those transcripts.
  • Capability inventory: The skill has access to Bash, Read, Write, and WebFetch tools as specified in the frontmatter configuration.
  • Sanitization: Absent; the workflow does not specify any validation, filtering, or sanitization steps for the external transcript content before analysis.
  • [SAFE]: The skill correctly manages authentication by requiring the 'SCRAPECREATORS_API_KEY' environment variable, avoiding hardcoded credentials. No obfuscation, persistence mechanisms, or unauthorized privilege escalation patterns were identified in the instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 07:55 AM
Security Audit — agent-trust-hub — transcript-intelligence