search-youtube
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface through the ingestion of untrusted video transcripts.
  - Ingestion points: Transcripts are fetched via the `transcript` subcommand in `yt_research.py` and processed by the agent during research rounds in `SKILL.md`.
  - Boundary markers: The skill does not implement delimiters or system-level instructions to ignore potential commands embedded within transcripts when they are passed to the agent context.
  - Capability inventory: The skill allows for command execution via `yt-dlp` and `python3`, file writing to the local filesystem (`~/youtube-research`), and the spawning of sub-tasks via the `Task` agent tool.
  - Sanitization: `yt_research.py` performs regex-based cleaning to remove VTT/SRT metadata tags, but it does not sanitize the remaining textual content for malicious prompt injection patterns or adversarial instructions.
- [COMMAND_EXECUTION]: The skill facilitates the execution of external CLI tools, including `yt-dlp` and `jq`, to process video data.
  - Security review of `yt_research.py` confirms that command arguments are handled as lists in `subprocess.run`, which provides robust protection against shell injection attacks.
- [EXTERNAL_DOWNLOADS]: The toolkit downloads metadata, audio, and subtitle files from external platforms like YouTube, Vimeo, and Twitter.
  - These operations are performed using the legitimate and well-known `yt-dlp` utility. The script includes logic to sanitize file titles to prevent directory traversal or filename-based injection.
Audit Metadata