video-clipper

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted transcript data and uses it to drive agent logic.
  • Ingestion points: The agent reads transcript.txt in Step 3 to identify and score moments.
  • Boundary markers: None specified. The instructions do not tell the agent to ignore instructions embedded within the transcript.
  • Capability inventory: The skill uses Bash (for ffmpeg/yt-dlp) and requests (to upload files to Klap and Captions.ai).
  • Sanitization: None. Transcripts are used directly to determine which segments to process and what 'hooks' to write.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute shell commands with variables interpolated from user input.
  • Evidence: Commands such as yt-dlp ... "<URL>", curl -L -o ... "<URL>", and ffmpeg -ss <start> -to <end> ... interpolate user-provided values. If the agent does not properly escape these values, it could lead to arbitrary command execution.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to download video content from remote sources.
  • Evidence: Usage of yt-dlp for YouTube and curl for public URLs allows the agent to fetch arbitrary files from the internet. While this is the intended purpose of the skill, it creates a surface for Server-Side Request Forgery (SSRF) if the agent is directed to fetch internal resources.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — video-clipper