youtube-pipeline
Warn
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local PowerShell scripts using the -ExecutionPolicy Bypass flag. This allows scripts to run regardless of the system's execution policy, which is a common but potentially risky practice if scripts are modified or if the environment is untrusted.
- [PROMPT_INJECTION]: The script scripts/parse_yt_studio.ps1 creates an Indirect Prompt Injection surface by parsing user-provided HTML files and saving the extracted text into markdown files which the agent is then instructed to read.
  - Ingestion points: The script scripts/parse_yt_studio.ps1 reads from an InputFile (e.g., topic.html) provided by the user.
  - Boundary markers: The generated markdown output (parsed_topics.md) does not use delimiters or instructions to treat the content as untrusted data.
  - Capability inventory: The skill utilizes subprocess execution for PowerShell and Node.js, and performs file system read/write operations across multiple directories.
  - Sanitization: There is no evidence of sanitization or validation of the text extracted via regex from the HTML file before it is written to the output markdown.
- [COMMAND_EXECUTION]: The skill includes a 'Sync' command that uses Copy-Item to move files from a hardcoded absolute Windows path (C:\CreativeOS\...) to the user's profile. This facilitates the movement of potentially untrusted workflow instructions into the agent's active skill directory.
Audit Metadata