Trust Assessment
yt received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 6 critical, 2 high, 1 medium, and 0 low severity. Key findings include persistence / self-modification instructions, unsanitized user input in Node.js command arguments, and unsanitized user input in `curl` command arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (9)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions: Shell RC file modification for persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/yt/scripts/tapi-auth.js:467 |
| CRITICAL | Persistence / self-modification instructions: Shell RC file modification for persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/yt/scripts/tapi-auth.js:468 |
| CRITICAL | Persistence / self-modification instructions: Shell RC file modification for persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/yt/scripts/tapi-auth.js:472 |
| CRITICAL | Persistence / self-modification instructions: Shell RC file modification for persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/yt/scripts/tapi-auth.js:473 |
| CRITICAL | Persistence / self-modification instructions: Shell RC file modification for persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/yt/scripts/tapi-auth.js:581 |
| CRITICAL | Persistence / self-modification instructions: Shell RC file modification for persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/yt/scripts/tapi-auth.js:688 |
| HIGH | Unsanitized user input in Node.js command arguments: The `SKILL.md` provides examples of `node` commands where placeholders like `USER_EMAIL`, `TOKEN_FROM_STEP_1`, and `CODE` are expected to be substituted. The `scripts/tapi-auth.js` script parses these arguments directly from `process.argv`. If the LLM substitutes untrusted user input into these placeholders without proper shell escaping, a malicious user could inject arbitrary command-line arguments (e.g., `--evil-arg 'value'`) or even separate shell commands (e.g., `; rm -rf /`), leading to command injection. Ensure all user-provided inputs (e.g., email, token, OTP) are strictly validated and properly shell-escaped before being passed as arguments to `node` commands. Consider using a robust argument parsing library that handles untrusted input securely or explicitly quoting/escaping each argument. | LLM | SKILL.md:18 |
| HIGH | Unsanitized user input in `curl` command arguments: The `SKILL.md` provides `curl` command examples that include placeholders like `VIDEO_URL` and `QUERY`. If the LLM substitutes untrusted user input into these placeholders without proper URL encoding and shell escaping, a malicious user could inject arbitrary command-line arguments into the `curl` command (e.g., `--data-urlencode 'payload=$(evil_command)'`) or manipulate the URL to exfiltrate data or perform other malicious actions. Ensure all user-provided inputs used in `curl` commands (especially `VIDEO_URL` and `QUERY`) are strictly validated, URL-encoded, and properly shell-escaped before being incorporated into the command string. | LLM | SKILL.md:46 |
| MEDIUM | API key output to stdout: The `scripts/tapi-auth.js` script outputs the generated `TRANSCRIPT_API_KEY` to `stdout` upon successful verification. While this is intended behavior for a CLI tool to provide the key to the user, if the agent's execution environment logs `stdout` without proper redaction or access controls, this could lead to the API key being stored in potentially insecure logs, increasing the risk of data exfiltration or unauthorized access. Avoid outputting sensitive credentials like API keys directly to `stdout` in machine-readable modes unless explicitly requested and handled securely by the calling environment. If output is necessary, consider masking parts of the key or providing it through a more secure channel. Ensure that agent logging mechanisms are configured to redact or secure sensitive information. | LLM | scripts/tapi-auth.js:234 |