Skills
skills/riccardogrin/skills/transcribing-youtube/Gen Agent Trust Hub

transcribing-youtube

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script download_audio.py executes system utilities yt-dlp and ffmpeg via subprocess.run to process YouTube URLs. While arguments are passed as a list to mitigate direct shell injection, the scripts perform operations based on external, unvalidated URL inputs.
  • [DATA_EXFILTRATION]: The skill's Phase 0 verification logic and the transcribe_audio.py script access the .env file to retrieve the OPENAI_API_KEY. Accessing environment configuration files is a sensitive operation involving potential credential exposure, though it is used here for its primary intended purpose.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes and summarizes transcripts from external YouTube videos.
  • Ingestion points: The agent reads the transcript content from transcriptions/<VIDEO_ID>_transcript.txt in Phase 4.
  • Boundary markers: Absent. The instructions do not implement delimiters or provide 'ignore instructions' warnings for the content being summarized.
  • Capability inventory: The agent can execute local scripts, write to the file system, and interact with the OpenAI API.
  • Sanitization: Absent. The transcript is processed as raw text without filtering or escaping of potential instructions spoken in the video audio.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 09:44 AM