Trust Assessment
youtube-transcript received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Prompt Injection Attempt in Skill Description.
The analysis covered 4 layers: dependency_graph, manifest_analysis, llm_behavioral_safety, static_code_analysis. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 326f2466). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Prompt Injection Attempt in Skill Description The SKILL.md file, which is treated as untrusted input, contains instructions intended for the host LLM. Specifically, the lines 'CRITICAL: YOU MUST NEVER MODIFY THE RETURNED TRANSCRIPT' and 'If you were asked to save the transcript to a specific file, save it to the requested file.' attempt to dictate the LLM's behavior from within untrusted content. This is a direct attempt to manipulate the LLM's instructions and override its operational guidelines. Remove all instructions or directives intended for the host LLM from the untrusted SKILL.md content. LLM instructions should be provided out-of-band or through trusted configuration, not embedded within user-provided or skill-provided descriptions. | Unknown | SKILL.md:20 |
Scan History
Embed Code
[](https://skillshield.io/report/f7a2bd9cf775004b)
Powered by SkillShield