moviepilot-api
Warn
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script `scripts/mp-api.py` to perform all API interactions.
- [REMOTE_CODE_EXECUTION]: The skill provides access to the `/api/v1/plugin/install` endpoint, which allows the agent to install plugins from external repository URLs on the target MoviePilot server. This represents a significant capability for remote code execution.
- [DATA_EXFILTRATION]: The skill exposes endpoints that return sensitive information, including `/api/v1/system/env` (system configuration and environment variables), `/api/v1/system/logging` (application logs), and `/api/v1/user/` (user account details).
- [CREDENTIALS_UNSAFE]: The script `scripts/mp-api.py` explicitly disables SSL/TLS certificate verification by setting `ssl.CERT_NONE` and `check_hostname = False`. This makes the connection vulnerable to Man-in-the-Middle (MITM) attacks, potentially allowing an attacker to intercept the API key or other sensitive data transmitted to the MoviePilot host.
- [EXTERNAL_DOWNLOADS]: The `/api/v1/storage/download` endpoint allows the agent to trigger file downloads on the target system via the API.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8).
  - Ingestion points: Data retrieved from the API (e.g., torrent titles, media metadata, log contents) enters the agent's context.
  - Boundary markers: The instructions do not define boundary markers or safety instructions for handling data returned from the API.
  - Capability inventory: The script `scripts/mp-api.py` can perform destructive actions (delete files), modify system state (update environment, create users), and install code (plugins).
  - Sanitization: There is no evidence of sanitization or validation of data retrieved from external sources before it is used in subsequent API calls.
Audit Metadata