broll-finder

Pass

Audited by Gen Agent Trust Hub on Jul 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill fetches and processes YouTube transcripts to help the agent identify relevant video segments. Since these transcripts are generated from external video content, they represent an untrusted data source. There is a risk of indirect prompt injection if a video's captions contain malicious instructions designed to influence the agent's behavior during the selection phase.
  • Ingestion points: scripts/transcripts.py fetches captions and saves them to work/transcripts/<id>.md for agent review.
  • Boundary markers: The transcript files use Markdown headers and source URLs as delimiters, but do not include explicit instructions for the agent to ignore commands embedded within the captions.
  • Capability inventory: The skill has the ability to write files and execute shell commands via ffmpeg and yt-dlp.
  • Sanitization: scripts/_common.py performs basic HTML tag removal using regex when parsing VTT subtitle files.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the subprocess module to invoke external tools such as ffmpeg, ffprobe, and yt-dlp. These commands are primarily constructed as lists, which is a best practice that mitigates standard shell injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The core functionality involves downloading video segments and metadata from YouTube. This requires network access and interaction with external YouTube/Google servers. Per the [TRUST-SCOPE-RULE], these operations target well-known services (Google/YouTube) and are considered safe within the context of the skill's stated purpose.
  • [CREDENTIALS_UNSAFE]: The skill attempts to resolve a YouTube Data API key by checking the environment and searching specific local filesystem paths, such as ~/.cursor/skills/reel-discovery/config.json. While this is a vendor-specific pattern for sharing configuration between related skills, it involves reading sensitive configuration files located outside of the skill's own directory.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 10, 2026, 01:40 AM