youtube-analysis

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted transcript data from YouTube, presenting a surface for indirect prompt injection attacks.
      • Ingestion points: Untrusted transcript text is ingested through scripts/fetch_transcript.py.
      • Boundary markers: The skill does not use explicit delimiters or specific instructions to isolate external transcript content from the agent's core logic.
      • Capability inventory: The skill possesses the capability to execute shell commands (via yt-dlp) and perform file system writes (via scripts/analyze_video.py).
      • Sanitization: While the video ID is validated via regex, the actual transcript content is not sanitized before being processed by the language model.
  • [COMMAND_EXECUTION]: The skill executes the yt-dlp tool via the Python subprocess module to fetch video data.
      • Evidence: scripts/fetch_transcript.py uses subprocess.run to call yt-dlp for metadata and transcript extraction.
      • Mitigation: The skill validates the video ID using a strict regex ([A-Za-z0-9_-]{11}) in scripts/utils.py before inclusion in the command, which effectively prevents shell command injection.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of external Python libraries.
      • Evidence: SKILL.md identifies youtube-transcript-api and yt-dlp as required dependencies.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 15, 2026, 01:31 PM