Make Subtitles

Pass

Audited by Gen Agent Trust Hub on Jun 1, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external media content via the video_url parameter, which presents an indirect prompt injection surface. Malicious audio content within the processed video could potentially contain instructions intended to influence the behavior of the transcription or subtitling system.
  • Ingestion points: The video_url parameter in the REST API example in SKILL.md accepts untrusted external media links.
  • Boundary markers: There are no explicit markers or instructions defined to ignore potential commands embedded within the media content.
  • Capability inventory: The skill calls the mcp__agent-media__make_subtitles tool and performs network operations against api.agent-media.ai.
  • Sanitization: The provided documentation does not specify sanitization or verification protocols for the content of the media files being processed.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 1, 2026, 11:58 AM
Security Audit — agent-trust-hub — Make Subtitles