Trust Assessment
youtube-summarize received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Unpinned dependency in manifest, Potential command injection via unsanitized VIDEO_URL.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/youtube-summarize-zwl3z/SKILL.md:10 | |
| CRITICAL | Potential command injection via unsanitized VIDEO_URL Multiple shell command snippets in the skill's documentation use `VIDEO_URL` as a placeholder for user input. If the AI agent executing these commands does not properly sanitize or shell-escape the `VIDEO_URL` before substitution, an attacker could inject arbitrary shell commands. For example, by providing a `VIDEO_URL` containing shell metacharacters (e.g., `"; rm -rf /"`), an attacker could execute malicious commands on the host system. This is a critical vulnerability pattern when user-controlled strings are directly interpolated into shell commands without proper escaping. The AI agent responsible for executing this skill must ensure that all user-provided inputs, especially `VIDEO_URL`, are rigorously sanitized and properly shell-escaped before being passed to `yt-dlp` or any other shell command. For example, using `shlex.quote()` in Python or similar mechanisms in other languages. The skill developer should explicitly state this requirement or provide examples of safe execution within the skill's documentation. | LLM | SKILL.md:20 | |
| HIGH | Unpinned dependency in manifest The skill's manifest specifies `yt-dlp` as a dependency without pinning a specific version. This allows `pip` to install the latest available version, which could introduce breaking changes or, in a worst-case scenario, malicious code if the `yt-dlp` package or its distribution channel is compromised in the future. It is best practice to pin dependencies to specific versions to ensure reproducibility and security. Pin the `yt-dlp` dependency to a specific, known-good version (e.g., `"package": "yt-dlp==2023.11.16"`). Regularly review and update pinned versions to incorporate security fixes and new features. | LLM | SKILL.md:6 |
Scan History
Embed Code
[](https://skillshield.io/report/1e35fa73a81cacc0)
Powered by SkillShield