moviepilot-api

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a local Python script (scripts/mp-api.py) to execute all API requests. The agent is instructed to use this script to perform search, management, and administrative tasks.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it retrieves data from an external MoviePilot instance that could contain malicious instructions embedded in media metadata, logs, or plugin details.
  • Ingestion points: API responses processed by scripts/mp-api.py and passed to the agent context.
  • Boundary markers: Absent in SKILL.md. No delimiters or instructions are provided to the agent to treat API data as potentially untrusted.
  • Capability inventory: As documented in the API reference, the skill can perform high-privilege actions including file system modifications (/api/v1/storage/*), plugin installations (/api/v1/plugin/install/*), and system configuration changes (/api/v1/system/*).
  • Sanitization: Absent in scripts/mp-api.py. API responses are parsed and returned directly to the agent without filtering.
- [SAFE]: The skill manages its API token by storing it in ~/.config/moviepilot_api/config and properly securing the file with restricted permissions (read/write only for the owner), which is a security best practice.
- [SAFE]: The script disables SSL certificate verification (ssl.CERT_NONE). While this violates a security best practice, it is documented as a convenience for home-lab environments with self-signed certificates and does not appear to be malicious in intent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 10, 2026, 12:53 AM
Security Audit — agent-trust-hub — moviepilot-api