Skills
skills/fortunto2/solo-factory/solo-index-youtube/Gen Agent Trust Hub

solo-index-youtube

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various system commands to manage dependencies and process transcript files.
  • Runs pip install or uvx to install the solograph and yt-dlp utilities.
  • Uses yt-dlp to list video URLs and download subtitles.
  • Employs sed, awk, and grep to clean and search through transcript text.
  • [EXTERNAL_DOWNLOADS]: Fetches software and content from remote sources during execution.
  • Installs packages from public registries (PyPI).
  • Downloads transcript data directly from YouTube servers.
  • [PROMPT_INJECTION]: The skill processes untrusted external content, creating a surface for indirect prompt injection.
  • Ingestion points: Video transcripts are downloaded to docs/youtube/ files using yt-dlp (SKILL.md).
  • Boundary markers: No specific markers or instructions are provided to the agent to treat transcript content as untrusted data.
  • Capability inventory: The agent has access to Bash, Read, and Write tools to analyze the downloaded text and update index files (SKILL.md).
  • Sanitization: Scripting with sed and awk is used to remove technical VTT formatting, but no content-based sanitization or filtering is applied to the transcript text before the agent reads it.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 5, 2026, 09:51 AM