youtube-analytics
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill integrates with the YouTube Data API v3 using the official Google Cloud 'googleapis' library to perform requested analytics tasks.
- [SAFE]: The toolkit implements secure credential management by instructing users to store API keys in environment variables (.env file) rather than hardcoding them.
- [SAFE]: Result storage logic in 'storage.ts' includes filename sanitization to prevent directory traversal and ensures all data is written to a designated local directory.
- [SAFE]: Software dependencies are limited to reputable packages from the official NPM registry, and network communications are restricted to legitimate Google API endpoints.
- [SAFE]: Data processing involves fetching untrusted content from YouTube (titles, descriptions) which enters the agent context via 'channels.ts', 'videos.ts', and 'search.ts'; while explicit boundary markers are not used in storage, capabilities are limited to local file writes and result filenames are sanitized to prevent system-level impact.
Audit Metadata