ytmusic-hub
Warn
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill stores highly sensitive YouTube session cookies (including SID, HSID, SSID, APISID, and SAPISID) in a predictable plain-text JSON file located at
/var/minis/workspace/ytmusic_headers.json. Unauthorized access to this file would permit an attacker to hijack the user's YouTube account session.\n- [COMMAND_EXECUTION]: Thescripts/ytmusic_client.pymodule performs global monkey-patching of theurllib3andsocketstandard libraries to disable SSL certificate verification (ssl.CERT_NONE) and hostname matching. While intended to resolve DNS pollution and SSL issues in limited environments (like iSH), this practice downgrades the security of all network requests within the process, making them vulnerable to Man-in-the-Middle (MitM) attacks.\n- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it retrieves untrusted metadata (such as song titles, artist names, and playlist descriptions) from the YouTube Music API and processes it without sanitization.\n - Ingestion points: Data is fetched via
yt.get_playlist,yt.get_library_playlists, andyt.get_liked_songsin scripts likeexport_playlist.pyandrecommend_from_likes.py.\n - Boundary markers: None. External content is directly interpolated into Markdown reports and search parameters.\n
- Capability inventory: The skill can perform searches, modify playlists, and write files to the local system.\n
- Sanitization: None. API data is treated as trusted content.\n- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
ytmusicapiPython package, which is a standard library for programmatic interaction with YouTube Music.
Audit Metadata