Skills
skills/youdotcom-oss/agent-skills/youdotcom-cli/Gen Agent Trust Hub

youdotcom-cli

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads and installs the @youdotcom-oss/api package from the official npm or bun registries. These are vendor-owned resources provided by the skill author.
  • [COMMAND_EXECUTION]: The skill executes the ydc command-line tool and jq via the Bash environment to perform searches and process JSON data. This is the primary intended functionality of the skill.
  • [PROMPT_INJECTION]: The skill proactively addresses indirect prompt injection risks by requiring the agent to wrap all external web content in <external-content> delimiters and explicitly instructing the agent to ignore any commands or instructions found within those blocks. It also recommends using jq to extract only necessary data fields, reducing the attack surface.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 4, 2026, 05:07 AM