youtube-digest
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from external sources (YouTube transcripts and web pages) and processes it to generate summaries and quiz questions. There is a risk that malicious instructions embedded in a video's subtitles or a fetched web page could influence the agent's behavior.
  - Ingestion points: scripts/extract_transcript.sh (YouTube subtitles) and references/deep-research.md (WebFetch tool for web pages).
  - Boundary markers: None. The skill does not use delimiters or instructions to ignore embedded commands in the fetched data.
  - Capability inventory: The skill can execute shell scripts, perform web searches, and fetch web content.
  - Sanitization: None. The workflow includes correcting proper nouns but does not sanitize the input for potential prompt injection patterns.
- [External Downloads / Binary Dependency] (LOW): The skill depends on yt-dlp, an external command-line utility. While yt-dlp is a standard tool for video metadata extraction, it must be pre-installed on the host system, and its behavior depends on the version installed.
- [Command Execution] (LOW): The skill executes local shell scripts (scripts/extract_metadata.sh and scripts/extract_transcript.sh) using arguments provided by the user (YouTube URLs). While the scripts use proper quoting ("$URL") to mitigate simple command injection, the execution of shell scripts with external parameters remains a notable attack surface.
Audit Metadata