video-analysis
Warn
Audited by Snyk on May 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads public TikTok/Reels videos via scripts/download_videos_from_manifest_with_ytdlp.mjs and then sends those user-generated videos (and their Source URL included in the prompt) to Gemini in scripts/run_video_analysis_batch.mjs, so untrusted third-party content is ingested and directly influences model analysis and downstream actions.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata