youtube-summarizer
Fail
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads code from a personal GitHub repository that is not a well-known service.
  - Evidence: Clones 'https://github.com/kimtaeyoon83/mcp-server-youtube-transcript.git' during installation as specified in SKILL.md.
- [REMOTE_CODE_EXECUTION]: Build scripts are executed on untrusted external code.
  - Evidence: The installation process runs 'npm install && npm run build' within the third-party repository.
- [COMMAND_EXECUTION]: Dynamic execution of downloaded JavaScript code.
  - Evidence: Uses 'node -e' to import and run modules from the './dist/' folder of the cloned dependency.
- [COMMAND_EXECUTION]: Access to and manipulation of sensitive system directories.
  - Evidence: The skill creates and writes to directories under '/root/clawd/', which typically requires root-level permissions.
- [DATA_EXFILTRATION]: Transmission of local files to an external messaging service.
  - Evidence: Utilizes 'curl' to send transcript files from '/tmp/' to the Telegram Bot API using stored secrets.
- [PROMPT_INJECTION]: Processing of untrusted video transcript data creates an attack surface for indirect prompt injection.
  - Evidence: Transcripts are converted to strings and inserted into summarization templates without sanitization or protective boundary markers.
Recommendations
- AI detected serious security threats