plex
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The `SKILL.md` file uses directive language ("⚠️ MANDATORY SKILL INVOCATION ⚠️") and claims that failure to invoke the skill violates operational requirements, which is a technique intended to bypass the agent's standard tool-use reasoning.
- [COMMAND_EXECUTION]: The `scripts/plex-api.sh` helper script executes shell commands via `curl` based on user-supplied parameters. While search terms are URL-encoded, other inputs like library IDs and metadata keys are interpolated into the URL string without strict validation.
- [PROMPT_INJECTION]: Documentation in the `references/` directory includes examples for destructive API operations like deleting media items and modifying server preferences, which contradicts the skill's stated read-only purpose and creates a risk of unintended data loss.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted media metadata (such as titles and summaries) from the Plex API without boundary markers or sanitization. Ingestion points: metadata returned by `scripts/plex-api.sh` from the configured Plex server; Boundary markers: Absent; Capability inventory: Shell and network access via `curl`; Sanitization: No sanitization is applied to the data retrieved from the API.
Audit Metadata