youtube-live-chat
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted live chat data from YouTube that may contain instructions designed to influence the agent's behavior.
  - Ingestion points: External live chat data is retrieved from YouTube in `get_live_chat.py` using the `yt-dlp` library.
  - Boundary markers: The output uses a simple `[author]: message` format without structural delimiters or specific warnings to ignore instructions within the chat text.
  - Capability inventory: The script has the capability to write to the filesystem through the `--output` argument in `get_live_chat.py`.
  - Sanitization: There is no filtering or sanitization performed on the content of the chat messages before they are processed by the agent.
- [EXTERNAL_DOWNLOADS]: Fetches live chat transcripts and metadata from YouTube's official servers using the `yt-dlp` package.
Audit Metadata