fetch-youtube-transcript

Fail

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to construct and execute a shell command by directly interpolating user-supplied strings (video URL, output directory, and language) into a command template. Evidence is found in the 'Construct Command' section of SKILL.md, where values extracted from the user's command are placed into a string for execution via the bash tool. This pattern is vulnerable to command injection; an attacker could craft an input containing shell metacharacters like semicolons, backticks, or subshell syntax (e.g., '$(...)') to break out of the intended command and execute unauthorized code with the agent's permissions.
  • [EXTERNAL_DOWNLOADS]: The skill uses the 'uvx' tool to dynamically download and execute the 'youtube-transcript-api' package. Evidence: the execution instructions specify using 'uvx --from youtube-transcript-api'. This is a well-known and generally safe Python package for its intended purpose of fetching YouTube captions, but it involves fetching code from a remote registry at runtime.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 10, 2026, 06:50 AM