youtube-video-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes shell scripts (preprocess.sh, finalize.sh) and system utilities (yt-dlp, ffmpeg) to perform video processing tasks on the local machine.
- [EXTERNAL_DOWNLOADS]: The skill uses yt-dlp to download video files, subtitles, and metadata from YouTube based on user-provided URLs.
- [DATA_EXFILTRATION]: The instructions recommend using the --cookies-from-browser flag with yt-dlp, allowing the tool to access sensitive browser session data (cookies) to bypass age or geographical restrictions on videos.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) by processing external data.
- Ingestion points: Untrusted content from YouTube subtitles and video metadata is ingested via scripts and presented to the AI for analysis.
- Boundary markers: Prompts include delimiters for subtitle content but lack explicit instructions to ignore or sanitize embedded commands within that content.
- Capability inventory: The skill environment allows for file deletion (rm -rf), script execution, and network downloads via tools like yt-dlp.
- Sanitization: There is no evidence of automated sanitization for the strings extracted from YouTube before they are used in LLM prompts.
Audit Metadata