youmind-youtube-transcript
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@youmind-ai/clipackage from the NPM registry. This is a vendor-owned resource used for the skill's core functionality. - [COMMAND_EXECUTION]: The skill utilizes Bash commands to interact with the YouMind CLI and Node.js for parsing JSON data from API responses. These operations are restricted to the intended purpose of material creation and transcript retrieval.
- [SAFE]: Authentication is handled via the
YOUMIND_API_KEYenvironment variable. The skill documentation explicitly instructs the agent to guide the user in setting up the key securely without pasting it into the chat session, preventing accidental credential exposure. - [SAFE]: The workflow involves processing external YouTube transcripts which presents a theoretical surface for indirect prompt injection. However, the skill implements data handling via structured JSON parsing and is used for its primary purpose of summarization, which is considered a standard and safe use case.
Audit Metadata