youtube-research
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted external data (YouTube video titles and transcripts) through an AI model. Ingestion points: Data enters via
scripts/get_channel_videos.pyand the referencedfind_outliers.py. Boundary markers: No specific delimiters or 'ignore' instructions are used to isolate untrusted data from the prompt. Capability inventory: AI-generated summaries are used to select videos for further analysis and report generation involving script execution. Sanitization: No sanitization of the fetched metadata or transcripts is performed. - External API Interaction (LOW): The skill connects to
public-api.tubelab.net. While not a pre-approved trusted source, it is the primary service provider for the skill. No sensitive data other than the API key itself is sent to this endpoint.
Audit Metadata