Skills
skills/kouko/monkey-knowledge-youtube-skills/mk-youtube-get-info/Gen Agent Trust Hub

mk-youtube-get-info

Warn

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill attempts to access sensitive browser profile directories (e.g., Google Chrome, Firefox, Safari) to extract authentication cookies for yt-dlp using the --cookies-from-browser flag. This is used to access restricted videos but involves reading from user's sensitive browser data locations.
  • [EXTERNAL_DOWNLOADS]: Fetches yt-dlp and jq binaries from their official GitHub repositories as part of the dependency management process.
  • [COMMAND_EXECUTION]: Executes the yt-dlp and jq binaries to extract and format YouTube video metadata.
  • [PROMPT_INJECTION]: Potential surface for indirect prompt injection via YouTube video descriptions.
  • Ingestion points: Fetches video descriptions using yt-dlp in scripts/info.sh.
  • Boundary markers: Data is structured in a JSON object.
  • Capability inventory: Skill can execute binaries and write metadata to /tmp/monkey_knowledge.
  • Sanitization: Descriptions are truncated but not filtered for malicious instructions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 25, 2026, 12:00 PM