youtube-search
Warn
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the execution of a local authentication script (scripts/tapi-auth.js) which modifies several user configuration files to store the TRANSCRIPT_API_KEY environment variable.
- Persistence Mechanisms: The script modifies shell startup files including ~/.bashrc, ~/.zshenv, ~/.profile, and ~/.zprofile to export the API key for future sessions.
- System Configuration: It also modifies PowerShell profiles on Windows, Fish shell configurations, and agent-specific files like ~/.openclaw/openclaw.json.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from YouTube.
- Ingestion points: The skill fetches video titles, descriptions, and transcripts from https://transcriptapi.com (which acts as a proxy for YouTube content) into the agent's context.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to treat the fetched YouTube content as untrusted data or to ignore embedded instructions.
- Capability inventory: The skill possesses capabilities for network requests and local command execution (via the setup script).
- Sanitization: There is no evidence of sanitization or filtering applied to the search results or transcripts before they are processed by the agent.
Audit Metadata