skills/blink-new/claude/watch-video/Gen Agent Trust Hub

watch-video

Fail

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface.
      • Ingestion points: Video titles, descriptions, and transcripts are fetched from external Loom and YouTube URLs in SKILL.md and scripts/loom_meta.py.
      • Boundary markers: Absent. The prompt template in scripts/analyze_video.py interpolates external metadata directly into the system prompt without using delimiters or instructions to ignore embedded commands.
      • Capability inventory: The skill utilizes subprocess calls for yt-dlp and performs network POST requests to Google and OpenAI APIs.
      • Sanitization: Absent. External content is passed to the model without filtering.
  • [REMOTE_CODE_EXECUTION]: Automated scanners flagged a pattern where curl is piped to python3.
      • Evidence: curl -s "https://www.loom.com/v1/oembed?url=LOOM_URL" | python3 -c "..." found in SKILL.md.
      • Context: This is identified as a false positive. The command uses the -c flag to execute a hardcoded Python string for JSON parsing of the API response, rather than executing the content of the response itself.
  • [EXTERNAL_DOWNLOADS]: Fetches video data and metadata from external platforms.
      • Evidence: Uses yt-dlp and curl to interact with loom.com, youtube.com, and Google/OpenAI API endpoints.
      • Context: These interactions involve well-known services and are strictly aligned with the skill's stated purpose of video analysis.
Recommendations
  • HIGH: Downloads and executes remote code from: https://www.loom.com/v1/oembed?url=LOOM_URL - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 11, 2026, 09:15 PM