youtube-research-video-topic
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection through the ingestion of external data from YouTube and the web. 1. Ingestion points: Data is pulled from
mcp__plugin_yt-content-strategist_youtube-analytics__search_videos,get_video_details, andweb-fetch. 2. Boundary markers: No delimiters or protective instructions are used to isolate untrusted data. 3. Capability inventory: The skill can write to the filesystem, invoke subagents via theTasktool, and perform web searches. 4. Sanitization: There is no evidence of input validation or sanitization for external content. - [Data Exposure & Exfiltration] (SAFE): The skill handles YouTube analytics and local research files appropriately according to its described functionality.
- [External Downloads] (SAFE): Web search and fetch tools are used for legitimate research purposes without downloading executable code.
Audit Metadata