video-transcript

Fail

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/tapi-auth.js modifies several shell initialization files to inject environment variables.
      • Affected files: ~/.bashrc, ~/.zshenv, ~/.profile, ~/.zprofile, ~/.config/fish/config.fish, and PowerShell profiles.
      • These modifications alter the shell environment every time a new session is started, establishing a persistence mechanism on the host system.
  • [DATA_EXFILTRATION]: The setup process involves reading from and writing to sensitive configuration paths on the host system.
      • Targeted paths: ~/.openclaw/openclaw.json, ~/.clawdbot/moltbot.json, and multiple shell resource files.
      • The script attempts to automatically back up and rewrite these files, which can expose the agent's internal configuration and user environment variables.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing untrusted data from an external API.
      • Ingestion points: Video transcripts fetched from https://transcriptapi.com/api/v2/youtube/transcript are processed in the main skill flow.
      • Boundary markers: None. The skill does not instruct the agent to use delimiters or specific ignore-instructions for the transcript content.
      • Capability inventory: Shell command execution (curl) and system file-write capabilities via the authentication script.
      • Sanitization: None. Transcripts are ingested directly for analysis and summarization without validation, escaping, or filtering of embedded instructions.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 2, 2026, 02:20 AM