Skills
skills/yangliu2060/smith--skills/youtube-video-analyzer/Gen Agent Trust Hub

youtube-video-analyzer

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks because it ingests and processes untrusted data from external sources.
  • Ingestion points: Data is fetched from YouTube video pages (titles, descriptions) and third-party transcript services (youtubetranscript.com).
  • Boundary markers: None. The skill does not define clear delimiters or instructions to the AI to ignore embedded commands within the fetched content.
  • Capability inventory: The agent has access to Read/Write tools for caching results and WebFetch for network requests.
  • Sanitization: None. There is no evidence of validation or filtering for the external text before it is analyzed by the AI.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to retrieve video data and transcripts from external domains.
  • Evidence: Fetches content from youtube.com and youtubetranscript.com using the WebFetch tool.
  • Context: These operations are required for the primary function of the skill, but users should be aware that content is being pulled from a third-party transcription service.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 03:23 PM