Skills
skills/thinkfleetai/thinkfleet-engine/youtube-summarizer/Snyk

youtube-summarizer

Fail

Audited by Snyk on Mar 1, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). The YouTube URLs themselves are benign content links, but the GitHub repository requires cloning, npm install and executing built Node code from an unvetted/unknown account — downloading and running unreviewed repository code (and npm install scripts) is a common malware vector, so this set represents a moderate-to-high risk unless the repo is audited and trusted.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill's required workflow (SKILL.md steps "1. Detect YouTube URL" and "2. Fetch Transcript") explicitly fetches transcripts from public YouTube videos via the MCP YouTube transcript server, meaning the agent ingests untrusted, user-generated third‑party content (video captions/transcripts) and uses it to drive summaries and responses, so those external transcripts could contain instructions that influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill instructs installing and running code fetched from https://github.com/kimtaeyoon83/mcp-server-youtube-transcript.git (via git clone and npm build) which, if installed or updated at runtime, supplies the node module that is executed to fetch transcripts, making it a required external dependency that executes remote code.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill instructs installing and writing files under /root (cloning and building a server, saving transcripts to /root paths) and even offers to "install it automatically," which directs the agent to modify the host filesystem and potentially perform privileged operations and evasion behavior, so it risks compromising machine state.
Audit Metadata
Risk Level
CRITICAL
Analyzed
Mar 1, 2026, 05:18 AM