askvideo
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies (HIGH): The skill instructs the agent to install an external npm package 'askvideo' from an untrusted source (npm install -g askvideo). There is no mechanism to verify the integrity of this package.
- Command Execution (MEDIUM): The skill relies on executing shell commands via the 'askvideo' CLI, including passing user-provided strings and URLs, which increases the attack surface for command injection if the underlying tool is vulnerable.
- Indirect Prompt Injection (HIGH): The skill is designed to process untrusted external data (YouTube transcripts).
  - Ingestion points: Transcripts fetched from YouTube URLs provided at runtime.
  - Boundary markers: Absent; there are no instructions to differentiate between the agent's core rules and the content of the video.
  - Capability inventory: The agent executes shell commands and returns responses based on external data.
  - Sanitization: Absent; the transcript content is treated as authoritative for summarization and QA.

  An attacker could embed instructions in a video transcript to hijack the agent's behavior.
Recommendations
- AI detected serious security threats