Trust Assessment
youtube-transcript received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include Prompt Injection Attempt in Skill Description, Prompt Injection Attempt in Skill Description (Output Formatting), Prompt Injection Attempt in Skill Description (Output Saving).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on June 1, 2026 (commit 9b0e00ad). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Prompt Injection Attempt in Skill Description The skill's `SKILL.md` file contains direct instructions intended for the host LLM, such as 'CRITICAL: YOU MUST NEVER MODIFY THE RETURNED TRANSCRIPT' and directives on how to format or save the output. These instructions are embedded within the untrusted skill description, attempting to manipulate the LLM's behavior and override its core instructions. This is a severe form of prompt injection. Remove all instructions intended for the host LLM from the skill's `SKILL.md` description. The skill description should only describe the skill's functionality, not dictate the LLM's behavior or processing of the skill's output. | LLM | SKILL.md:31 | |
| HIGH | Prompt Injection Attempt in Skill Description (Output Formatting) The skill's `SKILL.md` file contains instructions for the host LLM regarding how to process and format the output, such as 'If the transcript is without timestamps, you SHOULD clean it up so that it is arranged by complete paragraphs and the lines don't cut in the middle of sentences.' and instructions for saving the output. These are direct attempts to influence the LLM's post-processing behavior from within untrusted skill content. Remove all instructions intended for the host LLM from the skill's `SKILL.md` description. The skill description should only describe the skill's functionality, not dictate the LLM's behavior or processing of the skill's output. | LLM | SKILL.md:32 | |
| HIGH | Prompt Injection Attempt in Skill Description (Output Saving) The skill's `SKILL.md` file contains instructions for the host LLM regarding how to save the output, such as 'If you were asked to save the transcript to a specific file, save it to the requested file.' and 'If no output file was specified, use the YouTube video ID with a `-transcript.txt` suffix.' These are direct attempts to influence the LLM's post-processing behavior from within untrusted skill content. Remove all instructions intended for the host LLM from the skill's `SKILL.md` description. The skill description should only describe the skill's functionality, not dictate the LLM's behavior or processing of the skill's output. | LLM | SKILL.md:34 |
Scan History
Embed Code
[](https://skillshield.io/report/f7a2bd9cf775004b)
Powered by SkillShield