youtube-video-search
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses official YouTube API endpoints and follows standard security practices for credential management by utilizing environment variables rather than hardcoding secrets.\n- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by ingesting untrusted data (video titles and descriptions) from the YouTube API. This risk is inherent to the search functionality and is mitigated by the structured output format.\n
- Ingestion points: The
scripts/youtube_video_search.pyscript parses JSON responses from the YouTubesearch.listandvideos.listendpoints.\n - Boundary markers: Data is delimited and returned to the agent in a machine-readable JSON format.\n
- Capability inventory: The skill has the capability to make network requests to Google APIs and write files to the local directory; it does not use
subprocessorevalfor command execution.\n - Sanitization: Data is structured into specific fields, although the textual content of titles and descriptions remains as provided by the external API.
Audit Metadata