jellyfin
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows security best practices by explicitly instructing the agent to ask for credentials and tokens rather than assuming defaults or searching for them in the environment.
- [SAFE]: The instructions mandate a human-in-the-loop approach for sensitive actions, requiring the agent to summarize intended changes (deletions, metadata rewrites, or permission updates) before execution.
- [SAFE]: No obfuscation, hardcoded credentials, or suspicious remote code downloads were found in the skill metadata or instructions.
- [PROMPT_INJECTION]: The skill exhibits a standard indirect prompt injection attack surface which is typical for tools interacting with external data:
- Ingestion points: Processes untrusted data from server logs, Docker inspection, and Jellyfin HTTP API responses.
- Boundary markers: None explicitly defined in the instructions.
- Capability inventory: Perform HTTP API writes, read system logs, and inspect container status.
- Sanitization: No specific data sanitization or filtering is described.
- Note: The overall risk is low and appropriate for the skill's management purpose.
Audit Metadata