expert-panel

Fail

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes external command-line tools yt-dlp and ffmpeg via the subprocess module in scripts/editorial-brain.py and scripts/content-quality-gate.py to process video content.
  • [REMOTE_CODE_EXECUTION]: The SKILL.md preamble contains instructions to execute telemetry/version_check.py and telemetry/telemetry_init.py. These scripts are not included in the provided source files, making their behavior unverifiable and presenting a risk if they are modified or downloaded dynamically.
  • [EXTERNAL_DOWNLOADS]: The skill fetches data from external, attacker-controllable sources, specifically RSS feeds via feedparser in scripts/quote-mining-engine.py and YouTube auto-captions/subtitles in scripts/editorial-brain.py.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It ingests untrusted data from RSS feeds and YouTube transcripts and interpolates them directly into LLM prompts without sanitization or boundary markers.
      • Ingestion points: scripts/quote-mining-engine.py (RSS feeds), scripts/editorial-brain.py (YouTube subtitles).
      • Boundary markers: Absent; external content is interpolated directly into prompts (e.g., FULL TRANSCRIPT: {full_transcript}).
      • Capability inventory: Subprocess execution (ffmpeg, yt-dlp), network requests (urllib.request), and file writing (json.dump).
      • Sanitization: No sanitization is performed on the ingested text before it is sent to the LLM.
Recommendations
  • HIGH: Downloads and executes remote code from: unknown (check file) - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 1, 2026, 04:44 PM