Skills
skills/manojbajaj95/claude-gtm-plugin/youtube/Gen Agent Trust Hub

youtube

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses bash -c to execute curl commands. This is the primary method used to make API requests to Google's servers and is consistent with the skill's stated purpose.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with googleapis.com to fetch video and channel data. This is a well-known and trusted service provided by Google.
  • [PROMPT_INJECTION]: The skill processes untrusted external data (YouTube comments and descriptions), creating a surface for indirect prompt injection.
  • Ingestion points: Video descriptions and comment threads are fetched via the YouTube API as shown in the examples in SKILL.md.
  • Boundary markers: None are explicitly used in the provided command examples.
  • Capability inventory: The skill uses network access via curl and data processing via jq.
  • Sanitization: There is no explicit sanitization of the fetched content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 02:33 PM