youtube
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified in the skill instructions or the Python script.
- [EXTERNAL_DOWNLOADS]: The skill connects to
https://yt.tarka.devto retrieve video metadata. This is a well-known public Invidious instance used for privacy-respecting YouTube searches and does not involve downloading executable code. - [COMMAND_EXECUTION]: The skill relies on its own local script
search.py. There are no instances of spawning arbitrary shell commands, subprocesses, or elevated privileges. - [DATA_EXFILTRATION]: No sensitive local information is accessed. The only data transmitted is the search query provided by the user to the API.
- [PROMPT_INJECTION]: The instructions do not contain any attempts to bypass model safety filters or override system instructions.
- [DYNAMIC_EXECUTION]: The script uses
json.loads()to process API data, which is a safe method for parsing structured data compared to dangerous alternatives likeeval()orpickle.loads().
Audit Metadata