media-understand
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): The skill transmits the content of local media files and YouTube URLs to an external API (
internal.infquest.com) for processing. While this is the intended function, the domain is not on the trusted whitelist. - [EXTERNAL_DOWNLOADS] (LOW): The script allows referencing and processing content from external YouTube URLs.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8). Malicious instructions could be embedded within the processed media files (e.g., text in images or spoken commands in audio) which the AI model might follow during analysis.
- Ingestion points:
media-understand.jsreads local files or YouTube URLs provided via command line arguments. - Boundary markers: Absent. Media content is directly appended to the user message structure without explicit delimiters or instructions to ignore embedded content.
- Capability inventory: Network POST requests via
fetchto a remote API. No file system write or arbitrary command execution capabilities were detected. - Sanitization: The script includes file extension validation (
IMAGE_EXTS,VIDEO_EXTS,AUDIO_EXTS) which effectively limits the file-reading capability to media formats, preventing the accidental exposure of sensitive system or configuration files (e.g.,.env, SSH keys).
Audit Metadata