video-transcription
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) because it ingests and processes untrusted transcription text from external sources.
- Ingestion points: Transcription artifacts (SRT, TXT, JSON) are downloaded and stored in
_postplus_shared/40-creative/audio-transcription/scripts/_shared.mjs. - Boundary markers: None; external transcript content is not wrapped in delimiters or accompanied by instructions to ignore embedded commands.
- Capability inventory: The skill can execute subprocesses (yt-dlp) and perform network operations (fetch).
- Sanitization: No sanitization is performed on the ingested transcription text before it is returned to the agent context.
- [COMMAND_EXECUTION]: The script
_postplus_shared/00-core/shared-runtime/scripts/download_videos_from_manifest_with_ytdlp.mjsspawns apython3subprocess to execute theyt_dlpmodule for media retrieval. - [CREDENTIALS_UNSAFE]: The library
_postplus_shared/00-core/shared-runtime/scripts/lib/postplus_cli_config.mjsreads and writes to a localconfig.jsonfile to manage session tokens used for authenticating with the hosted transcription service. - [EXTERNAL_DOWNLOADS]: The skill performs external downloads of video files via
yt-dlpand fetches transcription output artifacts from remote URLs generated by the hosted provider. - [DATA_EXFILTRATION]: Local media files are uploaded to the vendor's hosted API endpoints (e.g.,
transcription-whisper-with-video) as part of the primary transcription workflow.
Audit Metadata