transcript
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- Persistence Mechanisms (HIGH): The skill documentation states that the tapi-auth.js script saves credentials to the user's shell profile. Modifying shell configuration files (like .bashrc or .zshrc) is a persistence technique that can be used to execute unauthorized commands every time a new terminal session begins.
- Indirect Prompt Injection (MEDIUM): The skill processes YouTube transcripts from an external API, which is an untrusted source. Maliciously crafted transcripts can contain instructions designed to hijack the agent's behavior during summarization or analysis. (1) Ingestion points: transcript field in API response; (2) Boundary markers: None; (3) Capability inventory: Summarization, translation, and content analysis; (4) Sanitization: None.
- Command Execution (HIGH): The setup process requires the agent to execute local Node.js scripts (./scripts/tapi-auth.js) for registration and verification. These scripts operate with the user's local privileges and perform file system modifications.
- External Network Operations (LOW): The skill makes network requests to transcriptapi.com. This domain is not on the trusted source list for agent skills.
Recommendations
- AI detected serious security threats
Audit Metadata