youtube-automation
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of untrusted external content from YouTube.
- Ingestion points: Data is ingested through tools like YOUTUBE_LIST_COMMENT_THREADS and YOUTUBE_SEARCH_YOU_TUBE as described in SKILL.md.
- Boundary markers: The instructions lack explicit boundary markers or warnings to ignore embedded instructions within the retrieved YouTube data.
- Capability inventory: The skill possesses significant write capabilities, including YOUTUBE_UPLOAD_VIDEO, YOUTUBE_UPDATE_VIDEO, and YOUTUBE_SUBSCRIBE_CHANNEL, which could be abused if an injection is successful.
- Sanitization: No sanitization or validation logic is present to filter malicious instructions from YouTube comments or metadata before processing.
Audit Metadata