youtube
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- External Downloads (MEDIUM): The skill requires the installation of an opaque skill package (
skp-z40t25bhzfl8riuieuy5sy37) from an untrusted author (chizblank). The actual implementation logic is hosted remotely and cannot be audited from the provided files. - Indirect Prompt Injection (MEDIUM): The skill creates a vulnerability surface for indirect prompt injection. Ingestion points: Untrusted data enters via the
video_title,video_description, andvideo_tagsinput fields. Boundary markers: There are no delimiters or 'ignore' instructions wrapping the user-provided metadata. Capability inventory: The skill possesses significant 'write' capabilities, including uploading videos and managing channel content on YouTube. Sanitization: There is no evidence of sanitization or filtering of the metadata before it is passed to the remote workflow, which could result in the execution of unintended instructions embedded in video descriptions. - Command Execution (LOW): The skill's execution pattern involves running local shell commands (
refly,jq,echo). While typical for CLI integrations, this relies on the security of the localreflyinstallation.
Audit Metadata