yt-transcript
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests transcripts from YouTube, which constitutes an indirect prompt injection surface. Content provided by third-party video authors could potentially include instructions designed to influence the AI agent's behavior when it reads the generated markdown artifact.
- Ingestion points: Untrusted transcript data is ingested via the
scriptfile usingyt-dlp,youtube-transcript-api, andopenai-whisper. - Boundary markers: The skill formats output as a structured Markdown file using headers and separators (e.g.,
---), which helps the agent distinguish between metadata and the transcript body. - Capability inventory: The script performs network operations to fetch metadata and media, and it writes files to the local filesystem using
tempfileandos.replacefor atomic updates. - Sanitization: The script includes a
redact_sensitive_textfunction to prevent proxy credentials from appearing in error logs and uses regular expressions to strip HTML tags and normalize content from VTT subtitle files.
Audit Metadata