Skills
skills/kenneth-liao/ai-launchpad-marketplace/ideate-notes/Gen Agent Trust Hub

ideate-notes

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches content from well-known services including YouTube and Substack archive pages to use as source material for ideation.
  • [COMMAND_EXECUTION]: Utilizes YouTube MCP tools (search_videos, get_video_details, get_video_transcript, get_video_comments) to interact with external data sources.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection due to the ingestion of untrusted third-party data.
  • Ingestion points: The skill processes YouTube transcripts, top comments from videos, and Substack newsletter content in Steps 1 and 2.
  • Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from following malicious instructions potentially embedded within transcripts or user comments.
  • Capability inventory: The skill possesses the ability to read and write to the local filesystem (./substack/notes/), perform web searches, and execute MCP tools.
  • Sanitization: The skill does not describe any sanitization, filtering, or validation of the fetched external text before it is passed to the ideation engine.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 01:32 AM