skills/jmagar/claude-homelab/plex/Gen Agent Trust Hub

plex

Warn

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The SKILL.md file uses forceful language, such as 'MANDATORY SKILL INVOCATION' and 'YOU MUST invoke', to override the agent's tool-selection process. The skill also presents an indirect prompt injection risk by ingesting untrusted media metadata from the Plex API.
      • Ingestion points: Data enters via the scripts/plex-api.sh helper script.
      • Boundary markers: The skill lacks delimiters to distinguish media content from instructions.
      • Capability inventory: The agent can execute shell commands and make network requests via the provided scripts.
      • Sanitization: API responses are not sanitized for malicious instructions.
  • [COMMAND_EXECUTION]: The skill includes a helper script, scripts/plex-api.sh, that performs API calls using shell commands. While most commands are for data retrieval, the reference documentation lists endpoints for potentially destructive actions like deleting media items or terminating sessions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 13, 2026, 03:58 AM