bilibili-render-pdf

Pass

Audited by Gen Agent Trust Hub on May 25, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data from Bilibili video metadata and subtitles, which creates an indirect prompt injection surface. Untrusted data enters the agent context through metadata inspection and subtitle acquisition (CC or Whisper-transcribed text). The skill lacks defined boundary markers or explicit sanitization to isolate this external content from the core instructions. The agent retains high-privilege capabilities such as shell command execution and script running while processing these inputs.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to fetch video assets, metadata, and subtitles from Bilibili, a well-known media service, using the established yt-dlp utility.
  • [COMMAND_EXECUTION]: The instructions require the agent to execute multiple shell commands for media processing, specifically utilizing yt-dlp for downloading, OpenAI Whisper for audio transcription, and ImageMagick for frame management and montage creation.
  • [REMOTE_CODE_EXECUTION]: The workflow involves generating and executing dynamic code at runtime, including the creation of complete LaTeX documents from templates and the generation of Python visualization scripts using matplotlib and seaborn to produce figures for the final PDF deliverable.
Audit Metadata
Risk Level
SAFE
Analyzed
May 25, 2026, 11:07 AM
Security Audit — agent-trust-hub — bilibili-render-pdf