bestblogs-transcribe-youtube
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The scripts/transcribe.ts file uses child_process.execSync to run osascript, which allows for the execution of arbitrary AppleScript commands to control macOS applications like Google Chrome.
- [CREDENTIALS_UNSAFE]: The script programmatically extracts the SNlM0e session token from a user's active Gemini tab in Chrome. This token is a sensitive credential used to authenticate requests to Google's backend services.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes content from YouTube URLs without sanitization or boundary markers. Adversarial content within a video's metadata or transcript could be used to influence the Gemini model's output.
  - Ingestion points: YouTube URL parameter in scripts/transcribe.ts.
  - Boundary markers: None present in the constructed API request when targeting the Gem ID.
  - Capability inventory: Shell command execution via AppleScript and local file writing via the Node.js fs module.
  - Sanitization: No semantic validation or filtering of content retrieved from the external YouTube source is performed.
Audit Metadata