youtube-podcast-extraction
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE (findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/generate_quotes_pro.js` invokes FFmpeg using `execSync` for frame extraction. While the command strings use file paths derived from the local working directory, unsanitized directory or file names could theoretically lead to command injection in certain environments.
- [EXTERNAL_DOWNLOADS]: The skill utilizes `yt-dlp` to download video and subtitle content from YouTube. This is the primary function of the skill and uses a well-known, established tool.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via external YouTube transcripts.
  - Ingestion points: Untrusted subtitle data is fetched via `yt-dlp` and processed into `transcript_en.txt` by `scripts/clean_subs.py`.
  - Boundary markers: There are no explicit delimiters or safety instructions used to isolate the untrusted transcript content from the agent's internal logic during the analysis phase.
  - Capability inventory: The skill has the ability to write files to the local system and execute shell commands through FFmpeg and Playwright.
  - Sanitization: The script `scripts/generate_quotes_pro.js` includes an `escapeHtml` function to sanitize text for the visual card rendering, but it does not perform sanitization for the semantic analysis or summarization phases.
Audit Metadata