Skills
skills/eat-pray-ai/yutu/youtube-playlist/Gen Agent Trust Hub

youtube-playlist

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the yutu CLI tool to interact with the YouTube Data API. It executes commands with user-provided parameters to manage playlist data.\n- [EXTERNAL_DOWNLOADS]: The skill provides installation instructions for the yutu utility from sources managed by the author, including GitHub (github.com/eat-pray-ai/yutu) and the NPM registry (@eat-pray-ai/yutu).\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external data (playlist titles and descriptions) from the YouTube API.\n
  • Ingestion points: Data retrieved by yutu playlist list (referenced in SKILL.md and references/playlist-list.md).\n
  • Boundary markers: No specific boundary markers or instructions to ignore embedded commands were found in the skill text.\n
  • Capability inventory: The skill can execute shell commands via the yutu tool to create, update, or delete playlists (referenced in references/playlist-insert.md, references/playlist-update.md, and references/playlist-delete.md).\n
  • Sanitization: No evidence of sanitization or validation of the content retrieved from the YouTube API was observed.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 26, 2026, 08:21 PM