bilibili-render-pdf
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the execution of several command-line utilities to function, specifically yt-dlp for fetching video metadata and streams, whisper for audio-to-text transcription, and magick (ImageMagick) for image processing and the creation of figure montages. These are legitimate uses within the scope of generating lecture notes.
- [REMOTE_CODE_EXECUTION]: To provide accurate visualizations, the skill allows for the generation and execution of Python scripts using libraries such as matplotlib and seaborn. These scripts are used to create vector-based charts and diagrams from the data extracted from the video content, which is a primary feature for high-quality pedagogical output.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes external, untrusted content from Bilibili videos and incorporates it into a LaTeX document.
  - Ingestion points: External data enters the agent context through Bilibili video titles, metadata, and subtitle tracks (manual or AI-generated).
  - Boundary markers: No specific boundary markers or instructions to ignore embedded instructions are defined for the processed external text.
  - Capability inventory: The agent has the capability to write files (.tex, .pdf, .py, .srt), execute shell commands, and run generated Python scripts.
  - Sanitization: The skill lacks explicit instructions to sanitize or escape LaTeX-specific special characters (e.g., $, &, %, _) from the ingested content, which could lead to compilation failures or document manipulation if the source metadata is malicious.
Audit Metadata