Skills
NYC
skills/vm0-ai/vm0-skills/youtube/Gen Agent Trust Hub

youtube

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill fetches untrusted data from external sources that could contain malicious instructions.
  • Ingestion points: SKILL.md uses the commentThreads and search endpoints which return user-controlled text like comments, titles, and descriptions.
  • Boundary markers: Absent. The skill does not implement delimiters or provide warnings to the agent to ignore instructions embedded in the API response.
  • Capability inventory: The skill utilizes bash -c for command execution and curl for network access.
  • Sanitization: None. The data is processed directly via jq and returned to the agent without filtering or validation.
  • [Data Exposure] (LOW): The API key is passed as a plaintext query parameter in curl commands.
  • Evidence: The skill constructs URLs like https://www.googleapis.com/youtube/v3/search?...&key=${YOUTUBE_API_KEY}.
  • Context: While this is a standard authentication method for the YouTube Data API v3, it is less secure than header-based authentication as keys may be captured in shell history or server logs.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:02 PM