embed-subtitles
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses imperative language such as "CRITICAL" and "MUST" to direct agent logic, which can be interpreted as a behavioral override pattern.
- [PROMPT_INJECTION]: Vulnerability to indirect prompt injection through external subtitle data. Claude is instructed to "analyze the SRT content intelligently" without boundary markers or instructions to ignore embedded commands. Ingestion points: SRT_FILE_PATH (read and processed by the agent). Boundary markers: Absent. Capability inventory: Python file-write and FFmpeg subprocess execution. Sanitization: Absent.
- [COMMAND_EXECUTION]: Uses
python3 -cto dynamically execute Python code for file manipulation on the local system, which is a form of dynamic execution for modifying user data. - [COMMAND_EXECUTION]: Executes a local TypeScript file via
npx ts-nodewith user-supplied arguments (e.g.,--credit). Because the script sourceembed-subtitles.tsis not provided, it is impossible to verify if the skill properly sanitizes these arguments against shell injection.
Audit Metadata