youtube-summarizer
Fail
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads an external codebase from an unverified GitHub repository (kimtaeyoon83/mcp-server-youtube-transcript) to provide core functionality.
- [REMOTE_CODE_EXECUTION]: It executes Node.js code from the downloaded unverified repository at runtime using the
node -ecommand. - [COMMAND_EXECUTION]: The instructions require the agent to perform high-privilege tasks within the
/root/directory, including cloning repositories and installing software dependencies. - [COMMAND_EXECUTION]: The workflow involves running arbitrary shell commands like
npm installandnpm run buildon code fetched from an external source. - [DATA_EXFILTRATION]: The skill has the capability to send local files and transcripts to external messaging platforms (specifically Telegram) using the
messagecommand. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted YouTube transcripts without adequate sanitization or boundary markers.
- Ingestion points: The skill fetches transcript text from an external YouTube fetcher script.
- Boundary markers: There are no delimiters or instructions to ignore potential commands embedded within the transcript content.
- Capability inventory: The skill has access to shell command execution, file system modification in sensitive directories, and external network messaging.
- Sanitization: No evidence of transcript content validation or escaping is present before the data is processed or summarized.
Recommendations
- AI detected serious security threats
Audit Metadata