Skills
skills/mikeygonz/skills/watch-youtube/Gen Agent Trust Hub

watch-youtube

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill follows security best practices by using environment variables for the GOOGLE_API_KEY rather than hardcoding credentials.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection as it processes external video content and user prompts together. However, given its primary purpose is video analysis and its restricted capabilities (printing to standard output only), this represents a minimal risk inherent to the tool's function.
  • Ingestion points: The watch.py script accepts a YouTube URL and an analysis prompt as command-line arguments.
  • Boundary markers: Absent; both inputs are passed as raw parts to the Gemini API generate_content call without delimiters.
  • Capability inventory: The script is limited to communicating with the Gemini API and printing the resulting text to the console; it does not perform file system writes or independent network operations.
  • Sanitization: Input strings are not sanitized or escaped before being passed to the API.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 2, 2026, 05:25 PM