youtube-summarizer

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to check for, install, and run Python-based transcript extraction tools. Specifically, it uses pip install to manage dependencies and python3 to execute the extract-transcript.py script.
  • [EXTERNAL_DOWNLOADS]: The skill downloads the youtube-transcript-api package from the official Python Package Index (PyPI). This is a well-known package used for its stated purpose.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks because it processes untrusted text data from external YouTube transcripts.
      • Ingestion points: Transcripts are fetched from YouTube in scripts/extract-transcript.py and subsequently read into the AI's context for summarization as described in SKILL.md.
      • Boundary markers: The summarization instructions do not include specific delimiters or instructions to ignore potential commands embedded within the transcript text.
      • Capability inventory: The skill possesses the ability to execute shell commands (for setup) and write to the local file system (saving transcripts to /tmp/).
      • Sanitization: The skill does not implement filtering or sanitization of the transcript content before presenting it to the AI model for analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 03:53 AM