Skills
skills/sundial-org/awesome-openclaw-skills/youtube-transcript/Gen Agent Trust Hub

youtube-transcript

Fail

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/fetch_transcript.py executes sensitive system commands that modify network configuration.
  • Evidence: Uses subprocess.run to call wg-quick up wg0 and ip rule add from 10.100.0.2 table 51820.
  • Impact: These operations typically require root/sudo privileges and modify the system's global routing table and network interfaces.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through external data ingestion.
  • Ingestion points: Fetches video transcripts from YouTube and video metadata (titles/authors) from noembed.com in scripts/fetch_transcript.py.
  • Boundary markers: None identified. The skill directly returns raw text for the agent to process.
  • Capability inventory: The script contains subprocess.run calls for VPN management, although these are triggered based on VPN state rather than transcript content.
  • Sanitization: No sanitization or filtering is performed on the retrieved transcript text or video title before providing it to the agent.
  • [EXTERNAL_DOWNLOADS]: The skill requires external libraries and interacts with third-party services.
  • Fetches video metadata from noembed.com.
  • Requires installation of youtube-transcript-api and requests via pip.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 26, 2026, 03:29 PM