Skills
skills/arda-industries/agent-skills/x-youtube-analyzer/Snyk

x-youtube-analyzer

Warn

Audited by Snyk on Feb 21, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and analyzes public YouTube videos (see SKILL.md usage examples with "https://www.youtube.com/watch?v=VIDEO_ID" and the prompts/analyze.md required workflow), meaning untrusted, user-generated video and on-screen content are ingested and used to drive extraction decisions and structured outputs, so third-party content could indirectly inject instructions affecting the agent's actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.70). The prompt explicitly instructs cursor agents to bypass the sandbox by using required_permissions: ["all"], which encourages removing security restrictions even though it doesn't request sudo, create users, or modify privileged system files.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 21, 2026, 04:13 AM