youtube-feed

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script scripts/get_updates.py to retrieve the latest video information. The script allows for user-configurable time ranges via command-line arguments.
  • [EXTERNAL_DOWNLOADS]: The underlying script performs HTTP requests to YouTube and r.jina.ai (Jina Reader) to fetch video metadata such as titles, descriptions, and view counts. Jina is a well-known service for processing web content for large language models.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes external, untrusted content from YouTube video metadata.
  • Ingestion points: Fetches video titles and descriptions from YouTube and Jina AI in scripts/get_updates.py.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the prompt instructions.
  • Capability inventory: The agent is instructed to translate and summarize the external metadata.
  • Sanitization: The script performs basic text cleaning for formatting and length but does not implement security-focused sanitization to prevent instruction injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 09:25 AM
Security Audit — agent-trust-hub — youtube-feed