youtube-transcript

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection because it processes untrusted external data (YouTube transcripts). Anyone who controls a video's captions can embed text that reads as instructions and thereby steer the behavior of the agent that consumes the transcript.
  • Ingestion points: transcript.js retrieves the external content through YoutubeTranscript.fetchTranscript(videoId).
  • Boundary markers: When the transcript text is printed to the console, it is not enclosed in delimiters and carries no explicit notice that embedded instructions are to be ignored, so the agent receives it indistinguishable from its own prompt context.
  • Capability inventory: The script performs network reads to fetch transcripts but has no file-system write, shell-execution (beyond its own entry point) or third-party data-egress capability of its own. The practical blast radius of an injected instruction therefore depends on the other tools available to the agent running the skill, not on this script.
  • Sanitization: The script decodes HTML entities via decodeHtmlEntities(), which is a formatting step rather than a security control; it applies no sanitization, filtering or flagging that would stop the agent from treating transcript text as instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 07:41 AM