videodb

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The content is not obfuscated malware but exposes high-risk surveillance and exfiltration capabilities — desktop/microphone/screen capture (long-lived background processes, PID files), persistent storage of recordings, realtime visual/audio indexing and alerts, and webhook/callback fields (for transcodes, exports, and alerts) that can forward sensitive activity (even examples like "alert when a password field appears") to arbitrary endpoints — making it easily abusable for data exfiltration and privacy invasion despite lacking explicit backdoor/exec/obfuscation code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests and processes arbitrary public/third-party media (e.g., coll.upload(url="https://..."), YouTube uploads, coll.connect_rtstream(rtsp/rtmp URLs)) and real-time visual/text AI outputs delivered via the WebSocket listener (scripts/ws_listener.py writes videodb_events.jsonl with "visual_index"/"transcript" events), and the SKILL.md/reference docs instruct the agent to read those events and trigger alerts or pipeline actions—so untrusted, user-generated web content is read and can materially influence agent behavior.