Skills
skills/fortunto2/solo-factory/solo-you2idea-extract/Gen Agent Trust Hub

solo-you2idea-extract

Warn

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Bash to execute commands involving solograph-cli and yt-dlp. It directly interpolates variables $URL and $CHANNEL, which are derived from user-supplied $ARGUMENTS, into shell command strings. This creates a surface for command injection if the input is not strictly validated by the agent.
  • [EXTERNAL_DOWNLOADS]: The skill instructions direct the agent to install external packages solograph and yt-dlp using pip install. While yt-dlp is a common tool, solograph is a specific third-party dependency required for the skill's primary functionality.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external sources.
  • Ingestion points: Video transcripts are downloaded via yt-dlp and saved to transcript.txt (SKILL.md).
  • Boundary markers: None. There are no instructions to use delimiters or ignore embedded commands within the processed transcripts.
  • Capability inventory: The agent has access to Bash, Write, Edit, and several solograph MCP tools, which could be abused if the transcript contains malicious instructions.
  • Sanitization: Absent. The skill uses sed to remove VTT formatting but does not filter or sanitize the actual text content for potential injection patterns.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 5, 2026, 09:51 AM