youtube-transcript
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches video metadata and transcript data from YouTube's official domains (youtube.com). These operations target a well-known service and are necessary for the skill's primary function.
- [PROMPT_INJECTION]: As the skill ingests external text from YouTube captions, it presents an indirect prompt injection surface. Maliciously crafted transcripts could contain instructions intended to influence the agent's behavior.
  - Ingestion points: `youtube-transcript.js` fetches external content via HTTP GET requests.
  - Boundary markers: The output is formatted (JSON, SRT, etc.), but no explicit delimiters or instructions are provided to the agent to disregard embedded commands in the transcript text.
  - Capability inventory: The skill has the ability to write files to the local filesystem using the `--output` flag.
  - Sanitization: The script performs XML unescaping and whitespace normalization but does not filter for potentially malicious natural language instructions.
- [DATA_EXPOSURE]: The skill implements a local cache in `/tmp/youtube-transcript-cache/` to store retrieved transcripts for 24 hours. While standard for performance, content stored in shared temporary directories may be accessible to other local users depending on environment configuration.
- [COMMAND_EXECUTION]: The script provides a file-writing capability via the `--output` parameter. While intended for saving transcripts, this allows the agent to write data to arbitrary paths provided in the arguments.
Audit Metadata