youtube-research
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill follows security best practices for credential management by using placeholders and environment variables for the YouTube API key.
- [EXTERNAL_DOWNLOADS]: The skill utilizes the 'youtube-transcript-api' Python library, which is a standard package for its stated purpose.
- [PROMPT_INJECTION]: The skill processes untrusted video transcripts. Ingestion points: Transcripts fetched via script or manual input into the agent prompt. Boundary markers: Absent. Capability inventory: Bash, WebSearch, WebFetch, and file writing. Sanitization: Absent. The risk of indirect prompt injection is mitigated by the structured analytical framework, which focuses the agent on data extraction and pattern recognition rather than on executing instructions from the content.