youtube-rl-tracker
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE] (LOW): The file contains a hardcoded absolute file path pointing to a local directory:
/Users/benjaminshafii/git/zerofinance/.opencode/skill/youtube-rl-tracker/reference-comparison.png. This leaks the author's local system username and environment structure, and will cause broken references for other users. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to ingest and process external data from YouTube and Notion.
- Ingestion points: YouTube video metrics (Title, Views, CTR) and Notion database entries.
- Boundary markers: None identified in the provided markdown template.
- Capability inventory: The skill integrates with
skill("youtube-studio"), which has the capability to modify video metadata and thumbnails. - Sanitization: No sanitization or validation logic is defined for the external data being tracked.
- [COMMAND_EXECUTION] (SAFE): No executable shell scripts, system commands, or dangerous subprocess calls were detected.
- [EXTERNAL_DOWNLOADS] (SAFE): No external package dependencies or remote scripts are downloaded or executed.
Audit Metadata