youmind-youtube-transcript
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses 'MANDATORY' instructions to force the agent into specific behaviors, such as presenting onboarding messages and generating summaries without asking for user permission. This limits the user's control over the agent's interaction flow.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists in the video summarization workflow. The skill processes external, untrusted content (YouTube transcripts) and passes it to the LLM for summarization without security boundaries.
  - Ingestion points: Transcript data is fetched via `youmind call getMaterial` in `SKILL.md` (Step 4).
  - Boundary markers: There are no delimiters or warnings used to prevent the LLM from following instructions potentially embedded in the video transcripts.
  - Capability inventory: The agent utilizes local command execution (`node -e`) and text generation (summarization).
  - Sanitization: No validation, filtering, or escaping is applied to the transcript text before it is processed by the model.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `@youmind-ai/cli` package from the NPM registry. This is a vendor-owned resource necessary for the skill's primary functionality.
- [COMMAND_EXECUTION]: The workflow involves global installation of software (`npm install -g`), which typically requires elevated system permissions and executes external code during the installation process.
Audit Metadata