subtitles
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- Persistence Mechanisms (HIGH): The setup instructions for scripts/tapi-auth.js explicitly state that the API key is 'saved to your shell profile'. This implies the script modifies sensitive configuration files such as ~/.bashrc, ~/.zshrc, or ~/.profile to inject environment variables. Modifying shell startup scripts is a high-risk persistence technique used to maintain access or alter the execution environment.
- Indirect Prompt Injection (LOW): The skill is designed to ingest untrusted data from an external source (YouTube transcripts via a third-party API).
  - Ingestion points: Data enters through the https://transcriptapi.com/api/v2/youtube/transcript endpoint.
  - Boundary markers: There are no delimiters or instructions provided to the agent to treat the fetched transcript as untrusted data.
  - Capability inventory: The agent has the ability to execute node scripts (during setup) and perform network operations via curl.
  - Sanitization: No evidence of sanitization or filtering of the transcript content exists, allowing potentially malicious instructions embedded in subtitles to influence agent behavior.
- Command Execution (MEDIUM): The skill relies on executing local Node.js scripts (scripts/tapi-auth.js) with user-provided inputs (USER_EMAIL, TOKEN_FROM_STEP_1, CODE). While intended for authentication, these scripts execute outside the standard agent context and modify system configuration.
Recommendations
- AI detected serious security threats