oxylabs-video-data
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted data from external sources. Ingestion points: The skill fetches YouTube transcripts, search results, and video metadata via the Oxylabs API in both SKILL.md and examples.md. Boundary markers: External content is retrieved and provided to the agent without explicit delimiters or warnings to ignore embedded instructions. Capability inventory: The skill possesses network capabilities (requests, axios) and file-handling capabilities (yt-dlp). Sanitization: No sanitization, escaping, or validation of the fetched YouTube content is performed before presentation to the agent.
- [DATA_EXFILTRATION] (LOW): The skill performs network operations to non-whitelisted domains (realtime.oxylabs.io and ip.oxylabs.io) to fulfill its stated purpose. While legitimate for this service, any communication with non-whitelisted domains is flagged as a minor risk.
Audit Metadata