mk-youtube-get-caption
Warn
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The `scripts/caption.sh` script searches for and accesses Google Chrome profile directories on macOS and Linux to extract session cookies. This is used to authenticate with YouTube for restricted content but involves accessing sensitive local data.
- [EXTERNAL_DOWNLOADS]: The skill downloads `yt-dlp` and `jq` binaries from their official GitHub repositories. It also uses `pip` to install packages during the build process in `scripts/_utility__build_ytdlp.sh`.
- [REMOTE_CODE_EXECUTION]: Downloaded binaries for `yt-dlp` and `jq` are marked as executable and run locally. The skill also generates a standalone binary using `pyinstaller` in `scripts/_utility__build_ytdlp.sh`.
- [COMMAND_EXECUTION]: Various shell scripts execute system commands and downloaded binaries to process video data.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection from untrusted video subtitles. Ingestion points: Subtitle files in the `data/` directory created by `scripts/caption.sh`. Boundary markers: Absent. Capability inventory: `scripts/caption.sh` uses `yt-dlp`, `jq`, `sed`, and `wc`; `scripts/_utility__build_ytdlp.sh` uses `pip` and `pyinstaller`. Sanitization: No sanitization is performed on downloaded subtitle text.
Audit Metadata