youtube-transcript
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses a local script (scripts/fetch-transcript.mjs) that fetches data from well-known YouTube domains using standard Node.js APIs. No external dependencies are required.
- [COMMAND_EXECUTION]: The skill executes its own script and creates local directories for storing transcripts, which is consistent with its stated purpose.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes external transcript data. Ingestion point: Transcript text from scripts/fetch-transcript.mjs. Boundary markers: Absent in prompt templates. Capability inventory: Directory creation and file writing. Sanitization: Absent. The risk is low as this is standard functionality for translation and summarization tools.
Audit Metadata