Back to skill

Security audit

YouTube Transcript Pipeline

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it advertises, but it handles transcript/audio data through third-party services with limited user-facing disclosure and control.

Review this skill before installing if your videos or transcripts may contain private, confidential, regulated, or unpublished information. Confirm that you are comfortable with content being sent to Deepgram and Google Translate, and prefer explicit approval for downloads, translation, and workspace creation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script sends transcript bodies to translate.googleapis.com, which exports potentially sensitive interview content to a third-party service. In a transcript-processing pipeline, this increases data exposure risk, especially if transcripts contain confidential business, personal, or regulated information and the network transfer is not clearly disclosed in the pipeline's interface or documentation.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The invocation guidance is broad enough to match many ordinary transcript or translation requests, which can cause the skill to activate in situations where the user did not intend external downloads, API usage, or filesystem changes. Over-broad triggering increases the chance of surprise side effects and unintended disclosure of user content to external services.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill advertises outputs and packaging behavior but does not clearly warn that it will download external content and create directories/files in the workspace. Users may invoke it expecting analysis only, while the skill performs persistent local changes and pulls remote media, which can have privacy, storage, and compliance consequences.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The workflow requires use of Deepgram for transcription but does not explicitly disclose that user-provided audio/content will be transmitted to a third-party service. This is a meaningful privacy and data-governance risk, especially for interviews or sensitive recordings, because users may unknowingly send confidential material outside their environment.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Transcript content is transmitted to an external Google endpoint without any warning, consent prompt, or privacy notice in the script. Because this skill processes interview transcripts, the context makes undisclosed exfiltration more concerning: users may reasonably expect local processing for transcription artifacts and may not realize their data is being shared with a third party.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal