youtube-research
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes the
youtube-transcript-apiPython package to fetch video transcripts. This is a standard and widely used community library for this purpose. - [COMMAND_EXECUTION]: The skill provides shell command templates for interacting with the YouTube Data API v3. These commands are standard
curlrequests that use environment variables for API key management, which is consistent with security best practices for CLI-based research tools. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it ingests external YouTube transcripts for analysis.
- Ingestion points: Transcripts are fetched by
scripts/fetch_transcript.pyand passed to the agent for forensic deconstruction. - Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are used when processing the transcript content.
- Capability inventory: The skill has access to
Bash(for API calls) and local file writing (./youtube/episode/...). - Sanitization: The transcript content is not sanitized before being analyzed by the agent. However, the analysis is guided by a specific 11-dimension framework, which focuses on data extraction rather than command execution.
Audit Metadata