youtube-producer
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill's workflow creates a surface for indirect prompt injection by processing untrusted user data.\n
- Ingestion points: Video ideas are provided by users as natural language input.\n
- Boundary markers: None; the system lacks delimiters or instructions to prevent user input from overriding the production logic.\n
- Capability inventory: The agent is instructed to execute local scripts (
scripts/title_generator.py,scripts/hook_analyzer.py,scripts/shorts_extractor.py) to process the input.\n - Sanitization: No input validation or filtering is performed on user ideas before they are passed to the script pipeline.\n- [COMMAND_EXECUTION]: The skill relies on local Python scripts provided within the skill package to perform its tasks.\n
- Evidence: Explicit instructions to use
scripts/title_generator.py,scripts/hook_analyzer.py, andscripts/shorts_extractor.pyfor specialized generation and analysis.
Audit Metadata