youtube-transcribe-skill
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly downloads or scrapes transcripts from public YouTube video pages—via yt-dlp (--write-sub / --write-auto-sub) or browser automation (mcp__chrome__evaluate_script reading the page DOM)—thereby ingesting untrusted, user-generated third-party content that could carry indirect prompt injections.
Audit Metadata