youtube-comments-fetch
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a legitimate utility for fetching public YouTube comment threads and replies using official API channels.
- [DATA_EXFILTRATION]: The tool communicates exclusively with authorized Google API endpoints (googleapis.com). It ensures that API keys are not hardcoded and includes functionality to mask secrets in stdout and log files to prevent accidental credential exposure.
- [COMMAND_EXECUTION]: The Python implementation relies on standard libraries (urllib.request) and does not use subprocess, os.system, or eval. It performs no dangerous system-level operations.
- [PROMPT_INJECTION]: The instructions and templates provided in the skill are focused on tool execution and do not contain patterns designed to bypass agent safety filters or override system instructions.
- [CREDENTIALS_UNSAFE]: The skill correctly manages configuration via environment variables. The provided assets/config.example.env uses placeholders rather than real secrets, and documentation guides users toward secure secret management practices.
Audit Metadata