video-tool
Fail
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Instructions include fetching an installation script for the uv package manager from the official astral.sh domain and piping it to the shell.
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs its core CLI directly from the author's official GitHub repository and references external utilities like ffmpeg and yt-dlp.
- [COMMAND_EXECUTION]: Employs dynamic context injection in SKILL.md to execute shell commands at load time for verifying the installation status of required tools.
- [PROMPT_INJECTION]: Identifies an attack surface for indirect prompt injection when processing untrusted transcript data. 1. Ingestion points: Video transcripts generated from user-provided files. 2. Boundary markers: No explicit delimiters or instructions are provided to isolate transcript content within generation templates. 3. Capability inventory: Extensive access to shell execution via Bash, file system operations, and network tools. 4. Sanitization: No validation or filtering is applied to the transcript text before it is used to generate LLM-powered descriptions or posts.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata