transcriptapi
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- Persistence Mechanisms (HIGH): The authentication process described in the setup instructions involves running a local script (
scripts/tapi-auth.js) that modifies the user's shell profile (e.g.,.bashrcor.zshrc) and agent configuration files. This is a high-severity finding as it establishes persistence and alters system-level environmental configurations. - Indirect Prompt Injection (LOW): The skill is designed to ingest and summarize YouTube transcripts from an external API (
transcriptapi.com). This creates a surface for indirect prompt injection, as malicious instructions could be embedded in the transcript text. - Ingestion points: Video transcripts retrieved via the
/api/v2/youtube/transcriptendpoint. - Boundary markers: None identified; transcripts are directly passed for summarization without delimiters.
- Capability inventory: Shell command execution (
node,curl), file system modification (via setup script), and network access. - Sanitization: None identified; the instructions suggest direct summarization of untrusted external content.
- Command Execution (MEDIUM): The skill requires the execution of a local Node.js script (
tapi-auth.js) to handle authentication. This script performs sensitive operations, including writing to local configuration files and modifying the system environment.
Recommendations
- AI detected serious security threats
Audit Metadata