youtube-activity

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the yutu command-line interface to list activities on YouTube channels.
  • [EXTERNAL_DOWNLOADS]: Installation instructions refer to the @eat-pray-ai/yutu package on npm and binaries from github.com/eat-pray-ai/yutu. These resources are owned by the vendor and follow standard distribution patterns.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes data from external YouTube accounts, such as activity snippets and titles, which could be controlled by an attacker.
      - Ingestion points: Data is retrieved from the YouTube API via the yutu activity list command (referenced in references/activity-list.md).
      - Boundary markers: The skill instructions do not specify any delimiters or warnings to the agent about ignoring instructions embedded in the API response.
      - Capability inventory: The skill requires access to the yutu binary and reads local credential files (client_secret.json, youtube.token.json).
      - Sanitization: There is no evidence that the tool or the agent's instructions perform sanitization or validation of the retrieved API content before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 26, 2026, 08:21 PM