youtube-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- Prompt Injection (LOW): Potential for indirect prompt injection via untrusted data ingestion. Ingestion points:
YOUTUBE_SEARCH_YOU_TUBE,YOUTUBE_LIST_COMMENT_THREADS, andYOUTUBE_VIDEO_DETAILS. Boundary markers: Absent; no instructions provided to ignore embedded commands within retrieved content. Capability inventory: Includes impactful actions such asYOUTUBE_UPLOAD_VIDEO,YOUTUBE_UPDATE_VIDEO, andYOUTUBE_SUBSCRIBE_CHANNEL. Sanitization: Absent; external data is likely processed directly by the agent without filtering. - External Downloads (SAFE): The skill utilizes
https://rube.app/mcpas its MCP server. While the domain is not in the trusted list, it is a configuration endpoint necessary for the skill's defined functionality and does not involve direct local script execution.
Audit Metadata