youtube-content-strategist
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the google-api-python-client package, which is a well-known and trusted library from Google used for API interactions.
- [COMMAND_EXECUTION]: The skill generates a temporary Python script (/tmp/_yt_content_strategist_XXXX.py) and executes it using the system's Python interpreter to perform data analysis. The script logic is transparently defined within the skill instructions and uses standard libraries.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data (video titles and tags) from external sources (YouTube API) and incorporates them into a report generated by the AI.
  - Ingestion points: YouTube Data API v3 responses containing video titles, tags, and descriptions.
  - Boundary markers: Absent; the skill does not use specific delimiters or instructions to ignore embedded commands in the fetched data.
  - Capability inventory: The skill possesses script execution capabilities (python3) and file-writing capabilities to generate JSON and Markdown reports.
  - Sanitization: No explicit sanitization or filtering of the fetched metadata is performed before the AI processes it for the final report.
Audit Metadata