YouTubeSearch
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/yt-search.shexecutes theyt-dlp,jq, andbcutilities. These are used for their intended purposes: performing search queries, processing JSON metadata, and calculating statistics. - [EXTERNAL_DOWNLOADS]: The skill makes network requests to YouTube's search API via
yt-dlpto retrieve video metadata. YouTube is recognized as a well-known service, and the script explicitly uses the--no-downloadflag to prevent video file downloads. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) as it processes untrusted third-party metadata. \n
- Ingestion points: YouTube video titles and channel names are fetched from the web and processed in
scripts/yt-search.sh. \n - Boundary markers: The output uses basic visual separators (dashes and equals signs) but lacks explicit boundary instructions to the agent to ignore instructions embedded in the search results. \n
- Capability inventory: The skill utilizes subprocess execution of CLI tools in
scripts/yt-search.sh. \n - Sanitization: There is no filtering or sanitization of the retrieved video metadata before it is displayed to the agent.
Audit Metadata