youtube-to-bookplayer
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of the
Bashtool to execute system commands including file operations, network requests viayt-dlp, and iOS device interaction viapymobiledevice3. While these are necessary for the skill's functionality, they represent a broad capability surface. - [EXTERNAL_DOWNLOADS]: The skill instructs the user to install external binary dependencies (
yt-dlp,ffmpeg,exiftool) via Homebrew and utilizesuvxto fetch and run thepymobiledevice3package. These are well-known tools from established sources and are standard for media-related automation tasks. - [DYNAMIC_EXECUTION]: The skill uses shell heredocs (
python3 << 'PYEOF') to generate and execute Python scripts at runtime. This is specifically used to interact with thepymobiledevice3library. The logic is transparent and static within the skill instructions, but runtime script generation is a pattern typically monitored for complexity. - [INDIRECT_PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection as it processes untrusted metadata (titles, channel names) from YouTube videos.
- Ingestion points: Data enters the agent context through
yt-dlp --dump-jsonin Phase 1 ofSKILL.md. - Boundary markers: Explicit delimiters for the external data are not used in the extraction script.
- Capability inventory: The skill can perform network operations (
yt-dlp), write to the filesystem (exiftool), and write to a connected iOS device (pymobiledevice3). - Sanitization: The skill mitigates this risk by requiring the user to confirm or customize the metadata via
AskUserQuestionbefore it is applied to files, and it employs filename truncation to prevent filesystem exploits.
Audit Metadata