subtitles
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a Node.js script (`scripts/tapi-auth.js`) that handles account registration and API key verification for the TranscriptAPI service.
- [COMMAND_EXECUTION]: The setup script modifies multiple shell configuration files (e.g., `.bashrc`, `.zshenv`, `.profile`, `.zprofile`) and PowerShell/Fish profiles to persist the `TRANSCRIPT_API_KEY` environment variable for command-line access.
- [COMMAND_EXECUTION]: The script automatically updates agent-specific configuration files such as `~/.openclaw/openclaw.json` to store the API key and enable the skill.
- [DATA_EXFILTRATION]: During registration, the user's email address and the subsequent verification codes are transmitted to `transcriptapi.com`. This is a legitimate interaction with the vendor's service infrastructure.
- [PROMPT_INJECTION]: The skill ingests external content in the form of YouTube subtitles, which is a potential surface for indirect prompt injection.
  1. Ingestion points: subtitle data retrieved from `https://transcriptapi.com/api/v2/youtube/transcript` (SKILL.md).
  2. Boundary markers: none present in the skill instructions.
  3. Capability inventory: the skill uses `curl` for network requests, and the authentication script performs file-system modifications.
  4. Sanitization: no explicit sanitization or validation of the retrieved subtitle text is performed before the agent processes it.
Audit Metadata