audio-transcription
Warn
Audited by Snyk on May 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly downloads and ingests arbitrary public web media and provider output URLs as part of its core workflow — e.g., _postplus_shared/00-core/.../download_videos_from_manifest_with_ytdlp.mjs uses item.sourceUrl with yt_dlp, scripts/_shared.mjs's resolveProviderMediaInput accepts https:// URLs, and downloadProviderOutputs calls fetch(remoteUrl) — so untrusted third‑party content is read and can influence transcription and downstream actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). This skill makes runtime calls to the PostPlus hosted API (e.g. ${config.apiBaseUrl}/api/postplus-cli/hosted/capability and ${auth.apiBaseUrl}/api/postplus-cli/auth/refresh), and the remote responses may include productError.quoteConfirmation / agentAction fields (confirmationCommand, retryCommandTemplate) that are injected into agent error handling and used as agent instructions, so external content fetched at runtime can directly control agent prompts/commands and the skill depends on that hosted endpoint.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata