video-perception
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves video content and subtitles from YouTube using the yt-dlp utility. As YouTube is a well-known service and this action is central to the skill's documented purpose, it is classified as safe.
- [COMMAND_EXECUTION]: Interfaces with system tools such as ffmpeg for media analysis through an MCP server. These operations are standard for the described video processing tasks and are handled via defined tool calls.
- [PROMPT_INJECTION]: The skill processes untrusted external data which creates a surface for indirect prompt injection. 1. Ingestion points: YouTube subtitles and video metadata (SKILL.md). 2. Boundary markers: Absent from the prompt instructions. 3. Capability inventory: Video processing and metadata retrieval via MCP tools. 4. Sanitization: Not specified in the skill body. This is a common characteristic of analysis-focused skills and does not indicate malicious intent.
- [DATA_EXFILTRATION]: Network activity is restricted to fetching content from user-specified YouTube URLs for processing, with no evidence of sensitive data exposure or unauthorized transfers.
Audit Metadata