Skills
skills/zeropointrepo/youtube-skills/youtube-data/Gen Agent Trust Hub

youtube-data

Warn

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The setup script (scripts/tapi-auth.js) performs extensive file system operations, modifying various shell startup scripts and environment configuration files to store API keys and establish persistence.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to transcriptapi.com for account management, authentication, and data retrieval tasks.
  • [CREDENTIALS_UNSAFE]: The setup utility stores the user's API key in plaintext within multiple configuration files and shell profile scripts across the home directory.
  • [PROMPT_INJECTION]: The skill processes untrusted video transcript data from YouTube, introducing a risk of indirect prompt injection.
  • Ingestion points: YouTube transcripts retrieved through the /api/v2/youtube/transcript endpoint as documented in SKILL.md.
  • Boundary markers: No delimiters or isolation instructions are present in the provided curl command examples or usage instructions.
  • Capability inventory: The skill environment possesses file system modification and network connectivity capabilities via the auth script and usage commands.
  • Sanitization: No evidence of sanitization or validation of the ingested transcript content is provided in the analyzed files.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 2, 2026, 08:48 PM