Skills
skills/feiskyer/claude-code-settings/youtube-transcribe-skill/Gen Agent Trust Hub

youtube-transcribe-skill

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes the yt-dlp utility via the Bash tool to perform video information retrieval and subtitle downloads.
  • [COMMAND_EXECUTION]: Runs a JavaScript snippet in a browser environment using mcp__plugin_claude-code-settings_chrome__evaluate_script to scrape transcript segments from the DOM.
  • [CREDENTIALS_UNSAFE]: Accesses local browser cookies via the --cookies-from-browser flag to authenticate with YouTube, which is standard for the tool's intended use case.
  • [EXTERNAL_DOWNLOADS]: Fetches page content and metadata from external YouTube URLs.
  • [PROMPT_INJECTION]: Ingests untrusted external data from YouTube video titles and transcript text, posing a low risk of indirect injection.
  • Ingestion points: Video titles and transcript text segments fetched from YouTube.
  • Boundary markers: None identified; the skill directly incorporates scraped text into output files.
  • Capability inventory: Includes file system writing (Write), command execution (Bash), and browser automation (chrome-devtools-mcp).
  • Sanitization: No explicit sanitization or filtering is applied to the retrieved text strings before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 01:54 AM