youtube
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads source code from an unverified personal GitHub repository (github.com/ZubeidHendricks/youtube-mcp-server) to provide MCP server functionality.
- [COMMAND_EXECUTION]: Automates the cloning, installation, and compilation of external code using shell commands like git clone and npm run build in the /tmp directory.
- [REMOTE_CODE_EXECUTION]: Executes dynamically built JavaScript code located in the temporary system directory (/tmp/youtube-mcp-server/dist/cli.js) to interact with API services.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes user-controlled content from YouTube (transcripts and descriptions) that could contain malicious instructions.
  - Ingestion points: Transcripts and metadata fetched from youtube.com via the MCP server or yt-dlp.
  - Boundary markers: No delimiters or "ignore embedded instructions" warnings are present in the processing logic.
  - Capability inventory: Executes external commands and tools via mcporter and yt-dlp.
  - Sanitization: No evidence of content sanitization or escaping of transcript data before it enters the agent context.