yt-transcribe
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill utilizes a custom tool named
yt-transcribe. The documentation mentions a--setupflag to install missing binaries, which implies downloading and executing external code or binary files from an unverified source. - [COMMAND_EXECUTION] (LOW): The skill executes shell commands using user-provided YouTube URLs. While the instructions recommend quoting the URL, there is a risk of command injection if the underlying implementation of
yt-transcribeor the agent's shell interface does not properly sanitize the input. - [PROMPT_INJECTION] (LOW): This skill is vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted text data (transcripts) from YouTube videos which can contain malicious instructions intended to override the agent's behavior.
- Ingestion points: The standard output of the
yt-transcribecommand inSKILL.md. - Boundary markers: Absent. No delimiters or instructions are provided to the agent to treat the transcript as untrusted data.
- Capability inventory: The agent uses the transcript to summarize and answer questions, which can trigger downstream actions depending on the agent's full toolset.
- Sanitization: None detected. The transcript is read directly into the context.
Audit Metadata