video-understand
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- Data Exposure (MEDIUM): The `scripts/check_providers.py` script checks for the existence of sensitive Google Cloud credentials at `~/.config/gcloud/application_default_credentials.json`. While this is used to verify the availability of Vertex AI, accessing credential paths is a high-risk pattern that is downgraded here due to its relevance to the skill's primary function.
- Command Execution (MEDIUM): The `scripts/setup.py` file defines a `run_command` function that uses `shell=True`. Although used for hardcoded system checks in the setup process, the inclusion of shell-enabled execution utilities represents a potential security risk if reused or extended.
- Indirect Prompt Injection (LOW): The skill ingests and processes untrusted external data from video sources and transcripts, which can be used as a vector for indirect prompt injection.
  - Ingestion points: Video content and transcripts from YouTube URLs and local files.
  - Boundary markers: No explicit delimiters or instructional guardrails were found in the prompt construction logic.
  - Capability inventory: The skill can execute system commands (`ffmpeg`, `yt-dlp`) and perform network operations via `requests`.
  - Sanitization: There is no evidence of sanitization for the data returned by AI providers before it is presented to the agent.
- External Downloads (LOW): The skill utilizes `requests.get` and `yt-dlp` to download content from non-whitelisted domains. This is a core feature for video processing but constitutes a network exposure surface.