youtube-summarizer
Fail
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructions and configuration download a repository from an untrusted third-party GitHub user (`kimtaeyoon83`) and execute its code using `node -e`. This allows for arbitrary code execution from an unverified external source.
- [COMMAND_EXECUTION]: The skill frequently executes high-privilege shell commands, including environment setup and script execution, within the `/root/` directory. This indicates a requirement for root-level access which may be exploited if the agent is compromised.
- [EXTERNAL_DOWNLOADS]: Dependencies are retrieved from a third-party source not listed among trusted vendors, introducing potential supply chain vulnerabilities.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes unvalidated external data:
  - Ingestion points: Untrusted YouTube transcripts are fetched and parsed in `SKILL.md` (Steps 2 and 3).
  - Boundary markers: There are no delimiters or instructions provided to ensure the agent ignores malicious commands embedded within the transcript text.
  - Capability inventory: The skill has the ability to execute shell commands, write to sensitive file paths, and send data to external messaging platforms like Telegram.
  - Sanitization: No validation or escaping is applied to the transcript content before it is summarized or shared.
Recommendations
- AI detected serious security threats