youtube-comment-thread

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and installs the yutu CLI tool from the author's official GitHub repository and @eat-pray-ai/yutu npm package to provide the core functionality.
  • [COMMAND_EXECUTION]: Uses the yutu CLI to execute commands for listing and inserting comment threads on YouTube videos.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes external data from YouTube comments that may contain malicious instructions.
      • Ingestion points: Data ingested via the yutu commentThread list command as described in references/commentThread-list.md.
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat fetched comment content as untrusted data.
      • Capability inventory: The skill includes write capabilities via yutu commentThread insert as documented in references/commentThread-insert.md.
      • Sanitization: No validation or filtering of the external YouTube comment content is mentioned in the skill documentation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 08:21 PM