youtube-data
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH | COMMAND_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
- Persistence Mechanisms (HIGH): The 'verify' step in the setup instructions states that the API key is 'saved to your shell profile'. Modifying shell initialization files like .bashrc or .zshrc is a high-risk persistence pattern used to maintain state across sessions by altering the user's persistent environment.
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from an external API (YouTube transcripts) for processing. (1) Ingestion points: Video transcripts and metadata fetched via curl from transcriptapi.com. (2) Boundary markers: No delimiters or instruction-ignore warnings are used to prevent the agent from following directions embedded in fetched content. (3) Capability inventory: The skill can execute local scripts and perform network operations. (4) Sanitization: There is no evidence of sanitization for the fetched transcript text.
- Data Exposure & Exfiltration (LOW): The skill performs network requests using curl to a third-party domain (transcriptapi.com) that is not on the trusted or whitelisted lists. It transmits user-provided URLs and uses an API key in the Authorization header.
Recommendations
- AI detected serious security threats