Skills
skills/op7418/youtube-clipper-skill/youtube-clipper/Gen Agent Trust Hub

youtube-clipper

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The install_as_skill.sh script performs unverified package installations of yt-dlp, pysrt, and python-dotenv from PyPI. While these are common libraries, they are downloaded from an untrusted source at install time.
  • COMMAND_EXECUTION (LOW): The skill makes extensive use of subprocess.run to call ffmpeg and yt-dlp. The risk of command injection is significantly mitigated by the use of argument lists instead of shell strings, and by the implementation of a temporary directory strategy in scripts/burn_subtitles.py to handle potentially malicious file paths.
  • PROMPT_INJECTION (LOW): Vulnerable to Indirect Prompt Injection (Category 8).
  • Ingestion points: scripts/download_video.py fetches untrusted subtitle data from YouTube.
  • Boundary markers: Absent. Prompts in scripts/translate_subtitles.py and scripts/generate_summary.py do not use delimiters or instructions to ignore embedded commands in the subtitles.
  • Capability inventory: The skill can execute system commands via FFmpeg and yt-dlp and write files to the local system.
  • Sanitization: No sanitization or filtering is performed on the subtitle text before it is interpolated into LLM prompts.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 04:35 PM