use-youtube-data-mcp
Warn
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill uses a local script (
install-skill-from-github.py) to download and install executable code from the author's GitHub repository (17854120992/mcp_youtube_data) and other repositories at runtime. - [COMMAND_EXECUTION]: The skill modifies sensitive configuration files for various IDEs including Cursor, Codex, OpenCode, and OpenClaw. These files are located in protected application data paths (e.g.,
~/Library/Application Support/and%APPDATA%), and modifying them allows the skill to influence IDE behavior and register external services. - [DATA_EXFILTRATION]: The skill explicitly requests an API key from the user and configures it for use with the domain
mkterswingman.com. This domain is not recognized as a trusted organization or well-known service. - [EXTERNAL_DOWNLOADS]: The skill performs several external downloads to update itself and install helper skills from both trusted organizations (openai, anthropics) and the author's repository.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) by ingesting and summarizing untrusted data from a remote server:
- Ingestion points: It retrieves data from
tools/listandget_patch_notesvia the remote MCP endpoint athttps://mkterswingman.com/mcp. - Boundary markers: There are no boundary markers or instructions to ignore embedded commands within the fetched content.
- Capability inventory: The skill possesses the capability to execute shell commands and modify system configuration files.
- Sanitization: No validation or sanitization of the remote tool output is performed before it is used to guide user interactions.
Audit Metadata