youtube-render-pdf

Pass

Audited by Gen Agent Trust Hub on May 25, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the agent to execute various shell commands for video metadata extraction, thumbnail downloading, and frame extraction. It also uses tools for image processing like magick montage and coordinates LaTeX compilation to produce a final PDF deliverable.\n- [PROMPT_INJECTION]: The skill ingests untrusted data from YouTube (metadata, subtitle tracks, and video frames) which serves as a potential vector for indirect prompt injection.\n
  • Ingestion points: YouTube video metadata, manual/auto-generated subtitle tracks, and video frames extracted via CLI tools (e.g., SKILL.md).\n
  • Boundary markers: The instructions do not specify any markers or delimiters to isolate untrusted subtitle text from the agent's instructions, nor do they include warnings to ignore embedded commands within the subtitles.\n
  • Capability inventory: The skill has capabilities to write files (.tex, .pdf, .py, images), execute shell commands for media processing, and run generated Python code for data visualization.\n
  • Sanitization: No specific sanitization or validation steps are defined for the subtitle content before it is processed and incorporated into the LaTeX document.\n- [REMOTE_CODE_EXECUTION]: The skill instructions involve generating and executing Python scripts (using libraries like matplotlib and seaborn) to create visualizations based on the video content. While these are used for the primary purpose of the skill, they constitute dynamic code execution.\n- [EXTERNAL_DOWNLOADS]: The LaTeX template (assets/notes-template.tex) references the skill author's official GitHub repository at https://github.com/wdkns/wdkns-skills for attribution in the document footer.
Audit Metadata
Risk Level
SAFE
Analyzed
May 25, 2026, 11:07 AM
Security Audit — agent-trust-hub — youtube-render-pdf