video-tool

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly tells the agent to ask users for API keys and run commands that embed those keys verbatim (e.g., video-tool config keys --set KEY=VALUE and examples showing sk-xxx/gsk_xxx), which requires the LLM to handle secret values in its output.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). The astral.sh URL serves a raw shell installer (curl | sh) from a non-major domain which is high-risk to run unreviewed, while the GitHub repo is hosted on a mainstream platform and is inspectable (lower risk) but comes from an individual/unknown account so it isn’t guaranteed safe—overall this combination is moderately high risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and processes videos from public sites (e.g., "Download videos from YouTube or other sites" and the command video-tool video download -u "URL" / the "Download and Process YouTube Video" workflow) and then transcribes/reads those user-generated videos/transcripts as part of its pipeline, exposing the agent to untrusted third-party content.