skills/steveclarke/dotfiles/youtube/Gen Agent Trust Hub

youtube

Fail

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The documentation in references/transcripts.md recommends using sudo apt install for dependency management on Linux, which involves privilege escalation.
  • [COMMAND_EXECUTION]: The skill heavily relies on executing shell commands and external CLI tools (yt-dlp, eyeD3, whisper) via subprocess calls in both Bash and Ruby.
  • [EXTERNAL_DOWNLOADS]: The skill fetches and installs multiple external packages and libraries from PyPI, Homebrew, and APT. It also uses bundler/inline in scripts/ytmp3 to dynamically install Ruby gems (thor, gum) from RubyGems at runtime.
  • [EXTERNAL_DOWNLOADS]: The ytmp3 script uses curl to download content from arbitrary user-provided URLs.
  • [PROMPT_INJECTION]: The workflow examples in references/transcripts.md demonstrate insecure interpolation of shell-derived variables into Python command strings, creating a vulnerability to indirect prompt injection via malicious YouTube metadata.
  • Ingestion points: Video titles and subtitle filenames extracted via yt-dlp in references/transcripts.md and scripts/ytmp3.
  • Boundary markers: Absent; untrusted data is directly embedded into shell and Python strings.
  • Capability inventory: Extensive system access including file manipulation (rm, mv, mkdir), network requests (curl, yt-dlp), and shell execution (python3 -c, bash).
  • Sanitization: Relies on basic tr commands which do not fully sanitize against sophisticated injection attacks.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 14, 2026, 01:43 PM
Security Audit — agent-trust-hub — youtube