Skills
skills/jimliu/baoyu-skills/baoyu-youtube-transcript/Gen Agent Trust Hub

baoyu-youtube-transcript

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted YouTube transcripts which are then analyzed by a sub-agent.
  • Ingestion points: Transcripts are fetched from YouTube and saved to transcript-raw.json or transcript.md via scripts/main.ts.
  • Boundary markers: The prompt template in prompts/speaker-transcript.md uses Markdown headers (# Transcript) to separate instructions from the untrusted content.
  • Capability inventory: The skill uses bun or npx to execute local scripts and writes data to the file system.
  • Sanitization: The main.ts script performs HTML unescaping and strips HTML tags from the transcript text before processing.
  • [EXTERNAL_DOWNLOADS]: Fetches video metadata, transcript snippets, and thumbnails from YouTube's official domains (youtube.com, ytimg.com, googlevideo.com). These are well-known services and the data fetched is appropriate for the skill's stated purpose.
  • [COMMAND_EXECUTION]: Executes a local TypeScript CLI tool (scripts/main.ts) using the Bun runtime to manage network requests and file caching. The command execution is scoped to the skill's own directory and intended parameters.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 22, 2026, 03:51 AM