Skills
skills/vm0-ai/vm0-skills/youtube/Gen Agent Trust Hub

youtube

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches metadata and comment data from official Google API endpoints at googleapis.com.
  • [COMMAND_EXECUTION]: Employs curl and jq to perform network requests and parse JSON responses from the YouTube API.
  • [PROMPT_INJECTION]: The skill processes untrusted external data (video titles, descriptions, and comments), which is a surface for indirect prompt injection.
  • Ingestion points: Data retrieved from YouTube API endpoints (search, videos, commentThreads) in SKILL.md.
  • Boundary markers: None present in the provided command templates.
  • Capability inventory: curl and jq (SKILL.md).
  • Sanitization: No explicit sanitization or filtering of the retrieved YouTube content is implemented.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 04:44 PM