youtube-full
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill interacts exclusively with official Google API endpoints at 'googleapis.com' for all data operations, including video management, uploads, and analytics. These are well-known and trusted services.
- [COMMAND_EXECUTION]: The skill provides Python code snippets that use the 'requests' library to interact with external APIs. No arbitrary command execution, privilege escalation, or shell spawning patterns were identified.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it retrieves and processes untrusted user-generated content (transcripts and comments).
  - Ingestion points: Fetches video transcripts via the '/youtube/v3/captions' endpoint and comment threads via '/youtube/v3/commentThreads'.
  - Boundary markers: The suggested logic implements no delimiters, and no instructions to ignore embedded commands, that would separate untrusted text from agent instructions.
  - Capability inventory: The skill possesses network communication capabilities (requests) and file management capabilities (as described in the transcript extraction example).
  - Sanitization: There is no evidence of content sanitization, filtering, or validation for the text data retrieved from the YouTube API before it enters the model context.
Audit Metadata