youtube-render-pdf
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from YouTube (subtitles, metadata, video frames) to generate content, which presents a surface for indirect prompt injection. Findings: Ingestion points include subtitle tracks and video metadata from YouTube (SKILL.md); Boundary markers are absent (instructions do not wrap untrusted content in delimiters); Capability inventory includes file system writing and script execution; Sanitization is not mentioned.
- [COMMAND_EXECUTION]: The skill instructs the agent to generate and run Python scripts (using matplotlib/seaborn) to create visualizations based on video data.
- [EXTERNAL_DOWNLOADS]: The skill downloads content from YouTube, a well-known service, which is considered standard for this use case.
Audit Metadata