youtube-video-analyst

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PROMPT_INJECTION]: The skill processes YouTube transcripts, which are external, untrusted data sources that could contain malicious instructions designed to hijack the agent's behavior.
      • Ingestion points: Transcripts fetched via scripts/fetch_transcript.py or manually pasted into the context.
      • Boundary markers: The instructions lack explicit delimiters or instructions for the agent to ignore embedded commands within the transcript data.
      • Capability inventory: The skill has the ability to execute a local Python script with network access and file system write capabilities.
      • Sanitization: No sanitization or filtering is applied to the transcript text before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill utilizes a Python script (scripts/fetch_transcript.py) to fetch data from YouTube. The script is used for its intended purpose and does not exhibit malicious command patterns, but it is a point of interaction with the host system.
  • [EXTERNAL_DOWNLOADS]: The included script depends on the youtube-transcript-api Python library. While a standard package for this task, it represents an external dependency that must be installed on the host.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 12:13 PM