yt
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Persistence Mechanisms (HIGH): The skill documentation indicates that during the setup phase, the API key is 'saved to your shell profile'. Modifying shell initialization files (like ~/.bashrc or ~/.zshrc) is a high-risk persistence technique that can be leveraged to execute commands or set environment variables across all future sessions.
- Unverifiable Scripts (MEDIUM): The skill requires the execution of a local script 'scripts/tapi-auth.js' during registration and verification. As the code for this script is not provided, its actions cannot be audited, posing a potential risk of arbitrary command execution.
- Indirect Prompt Injection (LOW): The skill fetches YouTube transcripts from an external API, creating a surface for indirect prompt injection where malicious content in a video transcript could influence agent behavior.
  - Ingestion points: Output from 'curl' requests to transcriptapi.com.
  - Boundary markers: Absent.
  - Capability inventory: Subprocess execution via 'node' and network access via 'curl'.
  - Sanitization: No sanitization logic is described for the API response.
- External Downloads (LOW): The skill performs multiple network requests to 'transcriptapi.com' to fetch data. While this aligns with its stated purpose, it involves external dependencies outside of the trusted scope.
Recommendations
- AI detected serious security threats