watch

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on executing system binaries to process video files. It uses subprocess calls to run ffmpeg, ffprobe, and yt-dlp for downloading, frame extraction, and audio processing.
  • [EXTERNAL_DOWNLOADS]: The skill uses yt-dlp to download video and subtitle content from user-provided URLs. On macOS, the setup script also attempts to automatically install these dependencies using Homebrew.
  • [DATA_EXFILTRATION]: Audio data extracted from videos is transmitted to external APIs (api.groq.com or api.openai.com) for transcription. This behavior is documented and requires the user to manually configure their own API keys in a local configuration file.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) from the content of the videos it processes.
      • Ingestion points: The transcript extracted from video captions or generated via Whisper is included in the output of scripts/watch.py, which is then read by the agent.
      • Boundary markers: Transcripts are placed within markdown code blocks in the generated report.
      • Capability inventory: The agent has high-privilege tool access, including Bash and Read capabilities.
      • Sanitization: There is no active sanitization or filtering of the transcript text to prevent instructions embedded in the video audio/captions from influencing the agent's behavior.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 9, 2026, 02:10 PM