PAIUpgrade
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (LOW): The skill exhibits an Indirect Prompt Injection surface. It processes untrusted data from YouTube transcripts (via GetTranscript.ts) and web search results (Workflows/FindSources.md) to generate reports and update local configuration files (youtube-channels.json). There are no explicit boundary markers or sanitization steps mentioned to prevent malicious instructions embedded in these external sources from influencing the agent's behavior or its configuration updates.
- EXTERNAL_DOWNLOADS (LOW): The skill performs network operations to fetch metadata and transcripts from YouTube using the yt-dlp tool. While targeting a well-known service, these remain connections to non-whitelisted external domains. Evidence: Workflows/CheckForUpgrades.md executes yt-dlp.
- COMMAND_EXECUTION (SAFE): The skill executes local TypeScript tools using the bun runtime. These tools are located in the skill's own Tools directory or in a trusted CORE skill directory, which is standard behavior for the intended functionality. Evidence: Workflows/CheckForUpgrades.md calls Tools/Anthropic.ts.
Audit Metadata