video
Fail
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill builds shell commands by directly inserting external URLs (e.g., VIDEO_URL, EPISODE_URL) into tool executions for yt-dlp and curl. Without rigorous sanitization, this allows an attacker to execute arbitrary commands by providing a specially crafted URL containing shell metacharacters.
- [DATA_EXFILTRATION]: The instructions include the use of the --cookies-from-browser chrome flag with yt-dlp. This action enables the tool to read and potentially expose the user's local browser cookies, which are sensitive credentials, for the purpose of bypassing anti-bot measures.
- [EXTERNAL_DOWNLOADS]: The skill performs multiple outbound network connections to fetch media files from various hosting platforms and to communicate with the Groq API for audio transcription services.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its ingestion of untrusted external media content. Ingestion points: External media URLs and extracted transcripts in SKILL.md. Boundary markers: No delimiters or instructions to ignore embedded commands are present in the final summary prompt. Capability inventory: yt-dlp, ffmpeg, curl, and shell execution. Sanitization: No evidence of input validation or sanitization for the data processed from external sources is present.
Recommendations
- AI detected serious security threats