Skills
skills/koomook/claude-skill-youtube-kr-subtitle/youtube-kr-subtitle/Gen Agent Trust Hub

youtube-kr-subtitle

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (SAFE): scripts/download_youtube.py uses the yt-dlp library to download video and metadata. This is the intended purpose of the skill and uses a reputable library.
  • [COMMAND_EXECUTION] (SAFE): scripts/process_video.py invokes the FFmpeg command-line tool using subprocess.run. The command is constructed as a list, which prevents shell injection attacks.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests data from external YouTube sources, which could contain embedded instructions for an LLM.
  • Ingestion points: scripts/download_youtube.py (extract_info) and scripts/extract_subtitle_text.py (pysrt.open).
  • Boundary markers: Absent.
  • Capability inventory: File system writes in all scripts and subprocess execution (ffmpeg) in scripts/process_video.py.
  • Sanitization: Absent.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:41 PM