podcast
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE (findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions include using bash to unzip user-provided files and curl to upload image assets to presigned URLs. These commands are part of a documented workflow to handle local file limitations within the environment.
- [EXTERNAL_DOWNLOADS]: The agent uses the capture_website tool to fetch content from user-specified URLs. This external data is then used as the primary factual source for the video script.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it processes content from external websites to generate natural language dialogue.
  1. Ingestion points: the capture_website tool used in Step 3.
  2. Boundary markers: no specific delimiters or safety instructions are used to separate scraped content from the script generation prompt.
  3. Capability inventory: the agent can execute video generation (generate_reference_video), file manipulation (bash), and network uploads (curl).
  4. Sanitization: scraped content is parsed for facts but not explicitly sanitized to remove embedded instructions.
Audit Metadata