Skills
skills/agairola/fuel-pricing-skill/youtube-transcript/Gen Agent Trust Hub

youtube-transcript

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions in SKILL.md use high-priority keywords ("CRITICAL: YOU MUST NEVER MODIFY...") to override standard agent behavior.
  • [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection attack surface by fetching untrusted text content from external YouTube transcripts and presenting it to the agent without sanitization or boundary markers.
  • Ingestion points: scripts/get_transcript.py fetches data from the YouTube API via the youtube-transcript-api library.
  • Boundary markers: The skill does not implement delimiters or instructions to ignore embedded commands within the fetched transcript.
  • Capability inventory: The agent environment running this skill typically includes capabilities for shell execution, network access, and file system operations.
  • Sanitization: No filtering or validation is performed on the transcript text before it is returned to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 5, 2026, 01:33 AM