transcribe-youtube-videos
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill utilizes
python3 -cto execute Python code directly from the shell. The workflow instructs the agent to replaceVIDEO_IDwithin a string literal in the command:transcript = api.fetch('VIDEO_ID'). - Evidence: Found in Step 2 and the Error Handling section of
SKILL.md. - Risk: If an attacker provides a crafted YouTube URL where the extracted 'ID' contains characters like
'); import os; os.system('..., it could lead to arbitrary code execution on the host system. - [EXTERNAL_DOWNLOADS] (LOW): The skill requires the installation of the
youtube-transcript-apipackage usingpip3 install. - Evidence: Referenced in the
compatibilitymetadata and theDependenciessection. - Context: This is a standard package for this functionality, but downloading and installing code from external registries at runtime is a potential attack vector.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted external data (YouTube URLs) and uses the extracted components in executable code.
- Ingestion points: YouTube URLs provided by users in Step 1.
- Boundary markers: None. The skill uses simple string replacement in the Python script.
- Capability inventory: Shell command execution (
bash), Python execution (python3 -c), and package management (pip3). - Sanitization: Absent. The instructions do not specify validation or escaping for the extracted
VIDEO_IDbefore interpolation.
Audit Metadata