skills/jmagar/lab/jellyfin/Gen Agent Trust Hub

jellyfin

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill follows security best practices by explicitly instructing the agent to ask for credentials and tokens rather than assuming defaults or searching for them in the environment.
  • [SAFE]: The instructions mandate a human-in-the-loop approach for sensitive actions, requiring the agent to summarize intended changes (deletions, metadata rewrites, or permission updates) before execution.
  • [SAFE]: No obfuscation, hardcoded credentials, or suspicious remote code downloads were found in the skill metadata or instructions.
  • [PROMPT_INJECTION]: The skill exhibits a standard indirect prompt injection attack surface which is typical for tools interacting with external data:
  • Ingestion points: Processes untrusted data from server logs, Docker inspection, and Jellyfin HTTP API responses.
  • Boundary markers: None explicitly defined in the instructions.
  • Capability inventory: Perform HTTP API writes, read system logs, and inspect container status.
  • Sanitization: No specific data sanitization or filtering is described.
  • Note: The overall risk is low and appropriate for the skill's management purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 07:10 PM
Security Audit — agent-trust-hub — jellyfin