videodb
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the `Bash` tool to execute Python code snippets for SDK interaction. Instructions recommend using `python -c` or heredocs for operations such as connecting to collections, uploading media, and managing capture sessions. This provides a broad surface for arbitrary code execution within the agent's environment.
- [EXTERNAL_DOWNLOADS]: Setup procedures require the installation of the `videodb` and `python-dotenv` packages from PyPI. These are legitimate dependencies required for the skill's primary functionality.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it retrieves untrusted data, such as video transcripts and visual scene descriptions, and interpolates them directly into LLM prompts for summarization and analysis.
  - Ingestion points: Untrusted data enters the context via `video.get_transcript_text()` and `video.index_scenes()` in files like `SKILL.md` and `reference/generative.md`.
  - Boundary markers: Documentation examples (e.g., in `reference/generative.md`) demonstrate direct interpolation into f-strings without using delimiters or instructions to ignore embedded commands.
  - Capability inventory: The VideoDB SDK allows for network requests (API calls), media generation, and file uploads. Additionally, `scripts/ws_listener.py` writes event data to the local filesystem.
  - Sanitization: There is no evidence of content sanitization, escaping, or validation performed on the transcripts before they are processed by the LLM.
Audit Metadata