youtube
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses an attack surface for indirect prompt injection by processing untrusted data from YouTube.
- Ingestion points: YouTube video metadata (titles, descriptions, artist info) is ingested via
yt-dlpandytmp3(SKILL.md, references/mp3-download.md). - Boundary markers: Absent. There are no instructions to the agent to treat external metadata as data only or to ignore embedded instructions.
- Capability inventory: The skill has access to
Bash,Read, andWritetools (SKILL.md). - Sanitization: Absent. The workflow demonstrates interpolating variables like
{Artist}and{Album}directly into shell commands (e.g.,ytmp3 finalize) without explicit escaping or validation. - Unverifiable Dependencies (LOW): The skill references a command
ytmp3which is not a standard system utility or a widely recognized package likeyt-dlp. While it is listed as a prerequisite in a 'Brewfile', its source and integrity are not specified, creating a dependency on an unverified external tool. - Command Execution (LOW): The skill's primary function involves executing multiple shell commands (
yt-dlp,eyeD3,ytmp3). While these are necessary for the skill's purpose, they increase the impact of potential command injection if malicious metadata is processed.
Audit Metadata