youtube-clipper
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill uses FFmpeg and local Python scripts (download_video.py, analyze_subtitles.py) to perform video editing and analysis. This behavior is consistent with the stated purpose of the tool.\n- EXTERNAL_DOWNLOADS (SAFE): It uses yt-dlp to download video and subtitle files from YouTube, which is an expected and primary feature of the tool.\n- PROMPT_INJECTION (LOW): The skill parses external YouTube subtitles and uses an LLM to analyze them for chapter generation, creating a surface for indirect prompt injection.\n
- Ingestion points: YouTube subtitles (VTT format) processed by analyze_subtitles.py.\n
- Boundary markers: None specified in the instructions to separate external data from system instructions.\n
- Capability inventory: Subprocess calls for FFmpeg, file writing for clips and summaries, and network access for downloads.\n
- Sanitization: No explicit sanitization or filtering of subtitle content is described.
Audit Metadata