youtube-transcript
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill retrieves transcripts from YouTube, which constitutes an ingestion point for untrusted external data. This creates a surface for indirect prompt injection if a video's subtitles contain adversarial instructions designed to influence the AI agent's behavior during analysis.
  1. Ingestion points: Subtitles are fetched from YouTube URLs in transcript.py.
  2. Boundary markers: The output text is not wrapped in protective delimiters.
  3. Capability inventory: The skill can execute local commands (yt-dlp) and write files to disk.
  4. Sanitization: Basic cleaning (HTML tag removal) is performed, but no content-based filtering is implemented.
- [COMMAND_EXECUTION]: The transcript.py script executes the yt-dlp command-line utility via subprocess.run. The command is securely constructed using a list of arguments, which prevents shell injection vulnerabilities.
- [EXTERNAL_DOWNLOADS]: The skill requires the yt-dlp tool, a trusted and widely recognized open-source utility for media downloading. Installation instructions for well-known package managers such as pip and brew are provided in the documentation.
Audit Metadata