youtube-transcribe-skill
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- Credential Exposure (HIGH): The skill uses `yt-dlp --cookies-from-browser=chrome`. This command grants the tool access to the user's entire Chrome cookie database, which often contains active session tokens and sensitive PII. This creates a significant risk of session hijacking if the tool or its environment is compromised.
- Indirect Prompt Injection (HIGH): The skill processes untrusted external content (YouTube page data) and possesses high-privilege write and execution capabilities.
  - Ingestion points: YouTube video titles and transcript text fetched via `WebFetch`, `firecrawl`, or `chrome-devtools-mcp` (SKILL.md Step 1, Step 3).
  - Boundary markers: None. The external data is directly interpolated into file names and prompt context.
  - Capability inventory: `Bash(yt-dlp:*)`, `Write` (local file modification), and `evaluate_script` (arbitrary JavaScript execution in a browser context).
  - Sanitization: Absent. The video title extracted from the web is used directly as a filename (`<Video Title>.txt`). This is a classic path traversal or command injection vector if the title contains malicious characters (e.g., `../../../` or `; rm -rf`).
- Command Execution (MEDIUM): The skill utilizes `mcp__plugin_claude-code-settings_chrome__evaluate_script` to run JavaScript on external websites. While the current script is for scraping, this mechanism allows for arbitrary code execution in the user's browser session, which could be leveraged to steal data from other open tabs or manipulate the page DOM maliciously if redirected.
Recommendations
- AI detected serious security threats
Audit Metadata