media-ingest
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface as it ingests and processes untrusted data from external sources.
- Ingestion points: Data enters the agent context via YouTube transcripts, PDF/Book text extraction, image OCR, and GitHub repository content (README and key files), as described in Phase 1 of
SKILL.md. - Boundary markers: The instructions do not specify any delimiters or safety warnings to ignore instructions embedded within the processed media items.
- Capability inventory: The skill uses
put_page,add_link, andadd_timeline_entryto modify the knowledge base, providing a mechanism for malicious data to potentially influence the internal database (SKILL.md). - Sanitization: There is no mention of sanitizing or escaping the content fetched from external sources before it is used to populate brain pages.
- [COMMAND_EXECUTION]: The skill directs the agent to clone GitHub repositories and read internal files to summarize software architecture. This is a standard functional capability for technical ingestion and does not involve the execution of the downloaded code.
- [EXTERNAL_DOWNLOADS]: The skill fetches content from well-known external services, specifically GitHub for repository data and YouTube for video transcripts, to perform its documented ingestion tasks.
Audit Metadata