@554/youtube-summary
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the `curl` command to make requests to the Supadata API for retrieving video transcript data.
- [EXTERNAL_DOWNLOADS]: Transcripts are downloaded from `api.supadata.ai`. This external dependency is necessary for the skill's primary function of video summarization.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted text from YouTube transcripts.
  1. Ingestion points: Video transcript data is fetched from the Supadata API (SKILL.md).
  2. Boundary markers: The prompt does not specify the use of delimiters or 'ignore' instructions to separate the transcript data from the agent's instructions.
  3. Capability inventory: The agent's capabilities in this context are limited to text analysis and summarization; it does not have the ability to execute code or access the file system based on transcript content.
  4. Sanitization: There is no evidence of transcript content sanitization before it is passed to the language model.
Audit Metadata