scrapesocial-youtube

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the scrapesocial command-line tool via npm (npm install -g scrapesocial). This tool is provided by the vendor (Skill Atlas) to enable the YouTube scraping functionality.
  • [COMMAND_EXECUTION]: The skill documentation instructs the agent to execute various shell commands using the scrapesocial CLI to retrieve data from YouTube.
  • [PROMPT_INJECTION]: The skill processes untrusted external data such as YouTube transcripts and comments, which constitutes an indirect prompt injection surface.
      • Ingestion points: External data is fetched through the youtube transcript and youtube comments commands specified in SKILL.md.
      • Boundary markers: The instructions do not define delimiters or provide warnings to the agent regarding the presence of potentially malicious instructions within the fetched YouTube data.
      • Capability inventory: The skill uses subprocess execution of the scrapesocial CLI to fulfill its research tasks.
      • Sanitization: There is no mention of sanitizing, filtering, or validating the content of transcripts or comments before they are analyzed or summarized by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 03:22 PM