transcribe
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingest untrusted data from external TikTok videos (audio transcripts and titles) and instructs the agent to analyze, summarize, and use this data to create new files and update a central index file.
- Ingestion points: Transcript files generated in the
transcripts/directory and video metadata (titles) extracted from external URLs. - Boundary markers: No delimiters or safety instructions are provided to the agent to distinguish between valid data and potentially malicious instructions embedded in the transcripts.
- Capability inventory: File system access (read/write), directory creation, and shell command execution.
- Sanitization: There is no evidence of sanitization or validation of the transcript content or video titles before they are processed by the agent.
- [COMMAND_EXECUTION]: The skill performs shell operations and executes Python code via
python -cusing a string template. The template uses a placeholder (VIDEO_URL_HERE) intended to be replaced with user-supplied URLs. If the agent interpolates these URLs without strict sanitization, it could lead to command injection within the Python interpreter context.
Audit Metadata