youtube-channel-banner
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the 'yutu' CLI tool using various package managers, including npm (@eat-pray-ai/yutu), Homebrew, winget, and Go. It also provides a link to the project's official GitHub releases page for manual binary downloads.
- [COMMAND_EXECUTION]: The skill uses the 'yutu' binary to perform operations such as inserting channel banners and authenticating with Google Cloud Platform. These commands are executed locally to interact with the YouTube API.
- [CREDENTIALS_UNSAFE]: The skill requires the use of OAuth 2.0 credentials (client_secret.json) and cached tokens (youtube.token.json). The instructions correctly guide the user to generate these through the Google Cloud Console and store them locally, which is a standard and safe practice for applications interacting with the YouTube Data API.
Audit Metadata