youtube-watcher

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/get_transcript.py executes the yt-dlp binary using subprocess.run(). This is implemented safely by passing arguments as a list rather than a shell string, which prevents command injection from malicious URL inputs.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It retrieves transcripts from YouTube, which are authored by third parties. If a transcript contains hidden instructions or malicious commands designed to manipulate the agent, the agent might follow them during summarization or analysis.
      • Ingestion points: scripts/get_transcript.py fetches external subtitle content via yt-dlp and prints it to stdout for agent consumption.
      • Boundary markers: None identified. The transcript text is provided to the agent without explicit delimiters or warnings to ignore embedded instructions.
      • Capability inventory: subprocess.run is used locally to run yt-dlp; the risk extends to other tools the agent may have access to when processing the transcript.
      • Sanitization: The clean_vtt function removes WebVTT metadata and timestamps but does not perform any natural language sanitization to detect or neutralize malicious instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 10:13 AM