Skills
skills/shipshitdev/library/youtube-video-analyst/Gen Agent Trust Hub

youtube-video-analyst

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the user to execute a Python script, fetch_transcript.py, to automate data collection from YouTube.
  • [EXTERNAL_DOWNLOADS]: The provided script depends on the youtube-transcript-api package, a standard community library for extracting video transcripts.
  • [PROMPT_INJECTION]: The skill processes untrusted external data (YouTube transcripts), which serves as an ingestion point for indirect prompt injection. Evidence: (1) Ingestion points: SKILL.md (Method 1 and 2) and fetch_transcript.py; (2) Boundary markers: Absent; (3) Capability inventory: Textual analysis and template generation; (4) Sanitization: Absent. The risk is considered low as the agent is not directed to perform sensitive operations based on the data.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 01:41 PM