felo-youtube-subtitling
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill retrieves YouTube subtitles from the official vendor API at openapi.felo.ai, which is appropriate for a tool authored by 'felo-inc'.
- [SAFE]: Sensitive API credentials are managed via environment variables (FELO_API_KEY), following recommended security practices for handling secrets.
- [PROMPT_INJECTION]: The skill processes untrusted external data (YouTube subtitles), creating a surface for indirect prompt injection.
- Ingestion points: Subtitle text retrieved in scripts/run_youtube_subtitling.mjs via the Felo API.
- Boundary markers: None; subtitle text is printed directly to standard output without delimiters.
- Capability inventory: The skill possesses network access to the vendor API and standard output capabilities.
- Sanitization: The retrieved subtitle content is processed and output without sanitization or filtering.
Audit Metadata