youtube-summarizer

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the youtube-transcript-api package from the official Python Package Index (PyPI). This is a well-known and standard library for the skill's stated purpose.
  • [COMMAND_EXECUTION]: The skill uses shell commands for environment detection (python3 --version), dependency installation (pip install), and URL parsing (grep, sed). These operations are consistent with local CLI utility functionality.
  • [PROMPT_INJECTION]: The skill processes untrusted transcript data from external YouTube videos, which constitutes an indirect prompt injection surface.
      • Ingestion points: Transcripts are retrieved from external YouTube URLs or provided via manual input as described in SKILL.md.
      • Boundary markers: The skill utilizes structured summarization frameworks (STAR and R-I-S-E) to guide model output, as defined in SKILL.md.
      • Capability inventory: The skill can execute shell commands for dependency management and write transcript data to the /tmp directory (SKILL.md, scripts/extract-transcript.py, scripts/install-dependencies.sh).
      • Sanitization: No explicit sanitization or filtering of the transcript content is performed before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 5, 2026, 06:50 PM