wjs-localizing-video
Fail
Audited by Gen Agent Trust Hub on May 21, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches a static ffmpeg binary from an external third-party domain (https://evermeet.cx/ffmpeg/getrelease/zip) when the system version is deemed insufficient. This source is not categorized as a trusted organization or well-known technology service.\n- [REMOTE_CODE_EXECUTION]: After downloading, the skill extracts the archive and executes the binary from a temporary directory (/tmp/ff_bin/ffmpeg). Executing unverified binaries at runtime is a high-risk security pattern that bypasses standard package management security controls.\n- [COMMAND_EXECUTION]: The skill relies on several shell-based tools, including ffmpeg for audio/video manipulation and uvx for running the Whisper transcription model.\n- [PROMPT_INJECTION]: The skill implements a workflow for processing external, untrusted subtitle (SRT) data, which presents an indirect prompt injection surface. \n
- Ingestion points: Reads and translates content from source-language SRT files. \n
- Boundary markers: The instructions lack explicit delimiters or safety warnings to the model to ignore any instructions found within the subtitle content. \n
- Capability inventory: The skill has the ability to execute system binaries, perform file system operations, and make network requests via the Volcano TTS API. \n
- Sanitization: There is no evidence of validation or filtering of the subtitle text before it is processed by the LLM or subsequent scripts.
Recommendations
- AI detected serious security threats
Audit Metadata