youtube-title
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): The skill uses authoritative directives such as 'CRITICAL', 'MANDATORY', and 'NON-NEGOTIABLE' to prioritize its internal design requirements. While these are used for task-specific performance and not to bypass safety filters, they utilize the same linguistic patterns found in prompt injection attacks.
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest data from untrusted local and external sources.
  1. Ingestion points: SKILL.md (Step 1) specifies gathering context from the user's local filesystem and YouTube data.
  2. Boundary markers: Absent; there are no instructions to the agent to treat this data as untrusted or to ignore any instructions embedded within it.
  3. Capability inventory: The skill uses gathered context to influence its text generation output.
  4. Sanitization: Absent; no validation, escaping, or filtering of the ingested context is described before it is processed by the agent.