media-transcript-search
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection via external data ingestion.
- Ingestion points: Fetches video transcripts, playlist metadata, and video titles from YouTube (attacker-controlled external source).
- Boundary markers: Absent. The description does not mention any delimiters or instructions to the agent to treat transcript content as data rather than instructions.
- Capability inventory: The skill is designed to write files (Export to .txt/.srt) and process text for 'finding specific topics,' which likely influences downstream agent decisions.
- Sanitization: None documented. Untrusted content is likely passed directly into the agent's reasoning loop.
- [NO_CODE] (MEDIUM): The primary execution logic resides in
get_transcript.py, which is referenced but not provided in the analyzed package. This prevents a full security audit of the command execution and network behavior.
Recommendations
- AI detected serious security threats
Audit Metadata