youtube
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from YouTube.
  - Ingestion points: The competitor sub-skill (specifically Agent D) and the DataForSEO integration retrieve YouTube comments. Additionally, the repurpose sub-skill and execution/fetch_transcript.py process video transcripts.
  - Boundary markers: The prompt templates for analyzing external data do not include explicit instructions for the agent to ignore or delimit potentially malicious commands embedded in the comments or transcripts.
  - Capability inventory: The agent has access to the Bash, Write, Edit, and Agent tools, which could be misused if a prompt injection is successful.
  - Sanitization: The provided scripts do not perform validation or sanitization of the external text content before passing it to the agent.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute local utility scripts and third-party binaries.
  - Evidence: The execution/fetch_transcript.py script uses the subprocess module to invoke the yt-dlp binary for extracting subtitles. The command is constructed as a list to prevent shell injection, and input video IDs are validated via regular expressions.
Audit Metadata