Trust Assessment
youtube-watcher received a trust score of 83/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are Potential Command Injection via User-Controlled Video ID and Unpinned `yt-dlp` dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via User-Controlled Video ID: The skill's usage instructions demonstrate executing a Python script (`get_transcript.py`) with a user-provided YouTube video URL. If the `get_transcript.py` script directly incorporates the user-controlled `VIDEO_ID` into a shell command (e.g., using `subprocess.run` with `shell=True` or without proper argument sanitization when calling `yt-dlp`), it could be vulnerable to command injection. An attacker could craft a malicious `VIDEO_ID` to execute arbitrary commands on the host system. Recommendation: the `get_transcript.py` script must properly sanitize and escape all user-provided input before passing it to `yt-dlp` or any other shell command. It is strongly recommended to use `subprocess.run` with a list of arguments (e.g., `['yt-dlp', url]`) and avoid `shell=True` to prevent shell injection. | LLM | SKILL.md:15 |
| MEDIUM | Unpinned `yt-dlp` dependency: The skill's manifest (frontmatter in SKILL.md) specifies `yt-dlp` as a dependency for both `brew` and `pip` installations, but does not pin it to a specific version. This means that the latest available version will always be installed. While convenient, this introduces a supply chain risk as a new version could contain breaking changes, vulnerabilities, or even malicious code if the package repository is compromised. Recommendation: pin the `yt-dlp` dependency to a specific, known-good version in the manifest. For `pip`, this would involve adding `==X.Y.Z` to the package name (e.g., `"package": "yt-dlp==2023.11.16"`). For `brew`, consider specifying a version if the formula supports it, or ensure a robust update strategy. | LLM | SKILL.md |