youtube-skill
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via the ingestion of untrusted external content.
- Ingestion points: The
commentscommand inyoutube_skill.pyretrieves untrusted text directly from YouTube comment threads. - Boundary markers: The script does not utilize delimiters or specific instructions for the agent to ignore or isolate instructions embedded within the retrieved comment data.
- Capability inventory: The skill includes high-impact write capabilities, such as
upload,comment,reply,subscribe, andcreate-playlistinyoutube_skill.py, which could be exploited if an injection is successful. - Sanitization: Comment text is processed and returned to the agent without any sanitization, filtering, or validation.
Audit Metadata