youtube-search
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies] (HIGH): The skill references and executes a local script at
./scripts/tapi-auth.jsthat is not provided in the source files. This allows for the execution of unverified logic that handles sensitive user information such as emails and OTPs. - [Persistence Mechanisms] (HIGH): The skill explicitly states that it saves the API key to the user's shell profile. Modifying shell configuration files (e.g.,
~/.bashrc,~/.zshrc) is a persistence-tier security violation and an unsafe way to manage credentials. - [Data Exposure & Exfiltration] (MEDIUM): Sensitive user data (email and OTP) is sent to the external domain
transcriptapi.com. While this is the intended service, the operation is handled by an opaque script, preventing verification of what additional data might be collected. - [Indirect Prompt Injection] (LOW): The skill contains an attack surface for indirect prompt injection. 1. Ingestion points: YouTube search queries and video transcript text. 2. Boundary markers: Absent from the search and transcript retrieval workflows. 3. Capability inventory: Network access via
curland local script execution. 4. Sanitization: No sanitization of ingested content before processing is documented.
Recommendations
- AI detected serious security threats
Audit Metadata