BGM Creation & YouTube Upload Agent
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill processes untrusted user data to generate YouTube metadata and trigger uploads. 1. Ingestion points: User choices and metadata input fields. 2. Boundary markers: None visible in SKILL.md. 3. Capability inventory: YouTube video upload functionality. 4. Sanitization: No logic provided to sanitize or escape user-provided metadata before processing.
- Unverifiable Content (MEDIUM): The skill references three external files (REFERENCE.md, FORMS.md, USAGE.md) that are not provided for analysis, preventing a complete security audit of the workflow and logic.
Recommendations
- AI detected serious security threats
Audit Metadata