youtube-to-blog-post

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from external sources to generate content.
  • Ingestion points: Data is retrieved from YouTube transcripts and web pages via get_youtube_transcript and scrape_page capabilities and stored in .dumplingai/ JSON files.
  • Boundary markers: The rules/safety.md file contains explicit instructions to treat transcript text as untrusted and to ignore any instructions embedded within it or scraped pages.
  • Capability inventory: The skill utilizes the author's dumplingai CLI tool to run specific capabilities and standard utilities like head and rg for local file processing.
  • Sanitization: No programmatic sanitization or filtering is specified; the mitigation relies on agent-level behavioral constraints provided in the safety rules.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 12, 2026, 08:36 AM