universal-video-clipper

Warn

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The script ai_clip_generator.py executes multiple external command-line tools using the subprocess module, including ffmpeg for video editing, ffprobe for metadata extraction, yt-dlp for downloads, whisper for transcription, and npx remotion for rendering captions. While it uses list-based arguments to prevent shell injection, the reliance on multiple external binaries with broad capabilities increases the risk profile.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download of video files from YouTube and potentially other platforms using the yt-dlp utility. This involves interacting with untrusted remote servers and processing potentially malicious media files.
  • [CREDENTIALS_UNSAFE]: In the download_video function, the script attempts several download methods, two of which include the --cookies-from-browser flag for Chrome and Firefox. This flag allows yt-dlp to read the user's browser cookie database to authenticate with YouTube, which exposes sensitive local credentials and session tokens to the script and the underlying yt-dlp tool.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) when processing transcripts and metadata from third-party videos.
      • Ingestion points: Video transcripts and metadata downloaded from YouTube are interpolated into an LLM prompt template (prompt_templates/clip_analysis_prompt.md).
      • Boundary markers: The prompt template relies on standard Markdown headers but lacks robust isolation or delimiters to separate untrusted transcript data from instructions, which could allow malicious content in a video transcript to influence the agent's behavior.
      • Capability inventory: The script can read and write files, execute shell commands (via FFmpeg/Remotion), and perform network operations.
      • Sanitization: While the code includes basic sanitization for output filenames and validates the JSON structure of the AI's response, it does not sanitize the input transcript content before processing, nor does it possess defenses against a transcript designed to manipulate the clipping logic.

Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 21, 2026, 04:25 AM