Make Subtitles
Pass
Audited by Gen Agent Trust Hub on Jun 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external media content via the
video_urlparameter, which presents an indirect prompt injection surface. Malicious audio content within the processed video could potentially contain instructions intended to influence the behavior of the transcription or subtitling system. - Ingestion points: The
video_urlparameter in the REST API example inSKILL.mdaccepts untrusted external media links. - Boundary markers: There are no explicit markers or instructions defined to ignore potential commands embedded within the media content.
- Capability inventory: The skill calls the
mcp__agent-media__make_subtitlestool and performs network operations againstapi.agent-media.ai. - Sanitization: The provided documentation does not specify sanitization or verification protocols for the content of the media files being processed.
Audit Metadata