Skills
NYC
skills/smithery/ai/youtube/Gen Agent Trust Hub

youtube

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • Prompt Injection (HIGH): Vulnerable to Indirect Prompt Injection.
  • Ingestion points: The skill uses yt-dlp to fetch external transcripts, video titles, and descriptions.
  • Boundary markers: None present; the skill lacks delimiters or instructions to ignore embedded commands in the downloaded data.
  • Capability inventory: The skill allows Bash, Read, and Write tools, providing a powerful execution environment for injected payloads.
  • Sanitization: No sanitization or validation of the external content is performed before processing.
  • Command Execution (MEDIUM): The skill relies on several external binaries (yt-dlp, eyeD3, and the undocumented ytmp3). The use of an unknown command like ytmp3 without a verifiable source or installation path represents a risk, and passing unvalidated YouTube metadata as arguments to these shell commands could lead to traditional command injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 08:41 AM