youtube-watcher
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The Python script executes the `yt-dlp` command-line utility to retrieve video metadata and subtitles. It uses a list-based argument structure with `subprocess.run`, which is a security best practice to prevent shell injection.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of `yt-dlp` via system package managers (brew or pip) and fetches external content (subtitles) from YouTube during execution.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted text data from external sources (YouTube transcripts). An attacker could place malicious instructions within video subtitles to influence the behavior of the AI agent when it processes the transcript.
  - Ingestion points: The `scripts/get_transcript.py` file downloads and reads content from external YouTube subtitle files.
  - Boundary markers: There are no delimiters or specific instructions provided to the agent to treat the fetched transcript as untrusted data.
  - Capability inventory: While the script only prints text, the agent using this skill typically performs summarization or reasoning tasks on the provided text.
  - Sanitization: The `clean_vtt` function removes technical metadata and timestamps but does not filter or sanitize the actual text content for malicious instructions.
Audit Metadata