caption-clip

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several subprocesses to perform its tasks:
      • Invokes yt-dlp to download specific sections of YouTube videos.
      • Uses ffmpeg for converting media files to MP4 and burning SRT subtitles into the video stream.
      • Employs shell commands (grep, cut, tr) to extract the Deepgram API key from a local .env file.
      • Executes a bundled Python script json-to-srt.py to transform API responses into subtitle files.
  • [EXTERNAL_DOWNLOADS]: Communicates with external services to fulfill its primary functions:
      • Downloads video and audio streams from YouTube.
      • Sends audio data to api.deepgram.com (a well-known service) for transcription.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is present during the subtitle cleanup workflow (Step 5):
      • Ingestion points: The agent reads the content of clip.srt, which is generated from external YouTube audio transcribed by a third-party API.
      • Boundary markers: There are no explicit delimiters or safety instructions provided to the agent to treat the subtitle content as untrusted data or to ignore potential instructions within it.
      • Capability inventory: The skill has the ability to execute system commands (ffmpeg, yt-dlp, python3) and perform file system writes.
      • Sanitization: The transcription data is not sanitized or validated for malicious prompts before being processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 4, 2026, 04:30 PM