video-clipper
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted transcript data and uses it to drive agent logic.
- Ingestion points: The agent reads
transcript.txtin Step 3 to identify and score moments. - Boundary markers: None specified. The instructions do not tell the agent to ignore instructions embedded within the transcript.
- Capability inventory: The skill uses
Bash(for ffmpeg/yt-dlp) andrequests(to upload files to Klap and Captions.ai). - Sanitization: None. Transcripts are used directly to determine which segments to process and what 'hooks' to write.
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to execute shell commands with variables interpolated from user input. - Evidence: Commands such as
yt-dlp ... "<URL>",curl -L -o ... "<URL>", andffmpeg -ss <start> -to <end> ...interpolate user-provided values. If the agent does not properly escape these values, it could lead to arbitrary command execution. - [EXTERNAL_DOWNLOADS]: The skill is designed to download video content from remote sources.
- Evidence: Usage of
yt-dlpfor YouTube andcurlfor public URLs allows the agent to fetch arbitrary files from the internet. While this is the intended purpose of the skill, it creates a surface for Server-Side Request Forgery (SSRF) if the agent is directed to fetch internal resources.
Audit Metadata