boring-youtube-mining
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes system commands including
yt-dlp,mkdir, andls. It interpolates variables like{handle}and{video_id}directly from local configuration files (settings/youtube-channels.md) and tool output into shell command strings without explicit sanitization, which could lead to command injection if the input data is maliciously crafted. - [EXTERNAL_DOWNLOADS]: The skill fetches video metadata and auto-generated transcripts from YouTube's official domain using the
yt-dlputility. These downloads are part of the skill's primary function and target a well-known service. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted transcript data from YouTube to generate user-facing content ideas and draft hooks.
- Ingestion points: YouTube transcripts are downloaded and stored in the
content/youtube-transcripts/directory for analysis. - Boundary markers: The skill does not implement delimiters or specific instructions to the agent to treat the transcript content as untrusted data or to ignore instructions embedded within the text.
- Capability inventory: The skill executes subprocesses for
yt-dlp(including network access), creates directories, and writes files to the local filesystem. - Sanitization: Sanitization is limited to structural cleaning of the VTT format (removing timestamps and metadata); no semantic sanitization or filtering of the transcript text is performed to mitigate injection attacks.
Audit Metadata