youtube-transcript
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted external data (YouTube transcripts) and instructs the agent to perform file writes and text manipulation based on that data.
- Ingestion points:
scripts/get_transcript.pyfetches content viaYouTubeTranscriptApi().fetch(video_id). - Boundary markers: None. The transcript text is interpolated directly into the agent's context without delimiters or warnings against embedded instructions.
- Capability inventory: The
SKILL.mdinstructs the agent to "save the transcript to a specific file" and "clean it up so that it is arranged by complete paragraphs". These capabilities (filesystem access and reasoning/modification) are high-risk when applied to untrusted data. - Sanitization: None. The script returns raw text from the YouTube API.
- [External Downloads] (LOW): The skill relies on an external Python package
youtube-transcript-api>=1.0.0. - Evidence: Defined in the
/// scriptmetadata block ofscripts/get_transcript.py. - Status: This is a common third-party package. While not on the pre-approved trusted list, it is a standard dependency for this functionality.
Recommendations
- AI detected serious security threats
Audit Metadata