Trust Assessment
yt-api-cli received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Unpinned dependency in installation instructions, Potential command injection via unsanitized user input to CLI arguments, Excessive permissions exposed by underlying API.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unpinned dependency in installation instructions The skill's installation instructions use '@latest' for the 'go install' command and 'releases/latest' for the 'curl' command. This means that future installations could pull an arbitrary, potentially malicious, version of the 'yt-api-cli' tool if the upstream repository is compromised. It is best practice to pin dependencies to a specific version or commit hash to ensure reproducibility and security. Pin the dependency to a specific version or commit hash. For example, `go install github.com/nerveband/youtube-api-cli/cmd/yt-api@v1.2.3` or `curl -L -o yt-api https://github.com/nerveband/youtube-api-cli/releases/download/v1.2.3/yt-api-darwin-arm64`. | LLM | SKILL.md:10 | |
| HIGH | Potential command injection via unsanitized user input to CLI arguments The skill wraps an external command-line interface (CLI) tool, 'yt-api'. Many commands described, such as 'yt-api search --query "golang tutorial"' or 'yt-api upload video ... --title "My Video"', take arguments that are likely to be populated by user input (e.g., search queries, video titles, descriptions, tags, IDs). If the LLM constructs these commands by directly interpolating untrusted user input without proper sanitization or escaping, a malicious user could inject arbitrary shell commands, leading to command injection. The LLM must rigorously sanitize and escape all user-provided arguments before incorporating them into shell commands. This includes escaping quotes, semicolons, backticks, dollar signs, and other shell metacharacters. Consider using a dedicated library for shell command construction that handles escaping automatically. | LLM | SKILL.md:48 | |
| MEDIUM | Excessive permissions exposed by underlying API The 'yt-api-cli' tool interacts with the YouTube Data API v3, which provides extensive capabilities including uploading, modifying, and deleting videos, managing playlists, and updating channel information. While the skill itself doesn't define permissions, it exposes the full power of this API to the LLM. If the LLM is compromised or misinterprets user intent, it could be coerced into performing destructive or unintended actions on the user's YouTube account. The manifest also indicates required environment variables for API credentials, highlighting the sensitive nature of the operations. Implement strict access control and confirmation mechanisms within the LLM for sensitive or destructive operations (e.g., 'Are you sure you want to delete this video?'). If possible, configure the OAuth credentials with the minimum necessary scopes (least privilege) required for the skill's intended functionality, rather than full API access. | LLM | SKILL.md:70 |
Scan History
Embed Code
[](https://skillshield.io/report/86005ef68ca324c5)
Powered by SkillShield