youtube-transcript
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes command-line tools including yt-dlp, ffmpeg, and sed to process YouTube URLs and extract media content. It includes instructions for installing these tools using system package managers, which may involve administrative privileges.
- [EXTERNAL_DOWNLOADS]: Fetches transcript files and video segments from YouTube's infrastructure.
- [REMOTE_CODE_EXECUTION]: The troubleshooting section suggests an installation method for Deno that involves piping a remote script to a shell (curl -fsSL https://deno.land/install.sh | sh). Deno is a well-known technology service.
- [PROMPT_INJECTION]: The skill processes external, potentially untrusted YouTube transcripts to determine execution flow (identifying timestamps for frame extraction). This creates an indirect prompt injection surface.
- Ingestion points: Video transcripts downloaded via yt-dlp as specified in SKILL.md.
- Boundary markers: No specific delimiters or instructions are used to separate the external transcript content from agent instructions.
- Capability inventory: Includes shell command execution (yt-dlp, ffmpeg, sed) and file system access (mkdir, cd) within the skill scripts.
- Sanitization: The skill does not perform sanitization or filtering on the transcript text before it is analyzed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://deno.land/install.sh - DO NOT USE without thorough review
Audit Metadata