extract-transcript
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from YouTube transcripts. Malicious actors could include instructions within a video's captions to subvert the agent's behavior when the transcript is analyzed.
  - Ingestion points: The extract_transcript.py script fetches data from an external, third-party source (YouTube) using the youtube-transcript-api library.
  - Boundary markers: There are no delimiters or protective instructions in the output to help the agent distinguish between the transcript data and valid commands.
  - Capability inventory: The script can write data to any file path provided as the output_file argument, and it performs network requests to access YouTube's transcript services.
  - Sanitization: The transcript text is not sanitized, filtered, or validated before being returned to the agent or written to the local filesystem.
Audit Metadata