spy
Warn
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes system commands including yt-dlp, whisper, and ffmpeg to process downloaded media. These commands incorporate external URLs retrieved from a scraper, which is a common vector for command injection if input is manipulated.
- [EXTERNAL_DOWNLOADS]: The skill downloads video files from Instagram to the local /tmp directory. It also directs the user to install several third-party software packages (yt-dlp, openai-whisper, ffmpeg) and an external MCP server to enable its core functionality.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted text from external sources.
  - Ingestion points: Instagram captions and transcribed audio from reels are ingested into the agent context for analysis.
  - Boundary markers: No delimiters or isolation instructions are provided to separate the untrusted external content from the agent's logic.
  - Capability inventory: The skill possesses the ability to execute shell commands and perform file operations.
  - Sanitization: There is no evidence of sanitization or filtering of the ingested external content before it is processed by the agent.