Trust Assessment
youtube-transcript received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Instructions for host LLM embedded in skill documentation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 9b0e00ad). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Instructions for host LLM embedded in skill documentation The `SKILL.md` file, which is treated as untrusted content, contains direct instructions intended for the host LLM. These instructions attempt to dictate how the LLM should process the skill's output (e.g., not modifying the transcript, cleaning it up, or saving it to a file). This is a prompt injection attempt, as untrusted content is trying to manipulate the LLM's behavior. Remove all instructions intended for the host LLM from the `SKILL.md` file. LLM behavior regarding skill output should be managed by the agent's orchestration logic or the skill's code, not by documentation. | LLM | SKILL.md:20 |
Scan History
Embed Code
[](https://skillshield.io/report/fcb363cc7a1994db)
Powered by SkillShield