Skills
skills/eoash/ash-skills/my-fetch-youtube/Gen Agent Trust Hub

my-fetch-youtube

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands by interpolating the {URL} variable directly into python -m yt_dlp. If a provided URL contains shell metacharacters (e.g., ;, |, &&), it could lead to arbitrary command execution within the agent's environment.
  • [COMMAND_EXECUTION]: The skill uses the YouTube video title (%(title)s) as a filename for shell operations like cat and sed. Because video titles are attacker-controlled external data, a malicious title could be used to perform path traversal or execute additional commands when the filename is processed by the shell.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
  • Ingestion points: Fetches video titles, descriptions, and subtitles from YouTube via yt_dlp and performs Web Search on extracted keywords.
  • Boundary markers: No delimiters or instructions to ignore embedded commands are present when passing fetched content to the translation or summarization pipeline.
  • Capability inventory: The skill possesses significant capabilities including subprocess execution (yt_dlp, sed, cat, grep) and network access via Web Search.
  • Sanitization: There is no evidence of input validation or output escaping for the data retrieved from external sources.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 6, 2026, 03:23 PM