youtube-transcript
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches and processes transcript data from an external, user-controlled source (YouTube).
- Ingestion points: The transcript.js script fetches transcript text from YouTube via the youtube-transcript-plus library.
- Boundary markers: The output is formatted with timestamps but lacks explicit delimiters or instructions to the agent to ignore instructions within the transcript text.
- Capability inventory: The script performs network requests to fetch data but does not include file system writes, subprocess execution, or other high-privilege operations.
- Sanitization: The script does not sanitize the transcript text for potential malicious instructions before outputting it to the agent.
Audit Metadata