video-viewing
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Privilege Escalation (HIGH): The skill instructions explicitly recommend running 'sudo apt-get install ffmpeg'. Instructing an agent or user to use root privileges to modify the system environment is a high-risk operation.
- Command Execution (MEDIUM): The skill functions by executing 'scripts/download_video.py', which likely uses subprocesses to call 'ffmpeg' and 'ffprobe' for frame extraction and metadata retrieval. This involves system-level command execution driven by external parameters.
- External Downloads (LOW): The skill's primary function is to download files from arbitrary, non-whitelisted URLs. While intended for video data, this establishes a network communication path to untrusted hosts.
- Indirect Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection via the processing of untrusted external video data.
  - Ingestion points: External URLs passed to 'scripts/download_video.py'.
  - Boundary markers: Absent; the skill does not define delimiters or instructions to ignore embedded malicious content in video metadata or frames.
  - Capability inventory: The script performs file writes to '/mnt/user-data/outputs/' and likely executes subprocesses ('ffmpeg', 'ffprobe').
  - Sanitization: No sanitization of video metadata or validation of file contents is documented.
Recommendations
- AI detected serious security threats
Audit Metadata