omnicaptions-LaiCut
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires installing a package from a package index other than the standard PyPI registry (lattifai.github.io). This poses a supply-chain risk because the source is not a standard trusted registry. Evidence: 'pip install' with '--extra-index-url' in SKILL.md.
- [CREDENTIALS_UNSAFE] (LOW): The skill manages an API key and suggests storing it in a local configuration file (~/.config/omnicaptions/config.json) or in environment variables, either of which could be targeted by malicious processes on the same host.
- [COMMAND_EXECUTION] (MEDIUM): The skill uses Bash tools to execute external CLI commands. This grants the agent significant capability to interact with the host system via the 'omnicaptions' and 'lai' namespaces defined in the allowed-tools section.
- [PROMPT_INJECTION] (LOW): The skill processes untrusted external data (caption files and audio). There is a risk of indirect prompt injection if these files contain hidden instructions intended to manipulate the agent during the alignment or conversion process. Evidence:
  1. Ingestion points: Input audio and caption files processed by the 'omnicaptions LaiCut' command.
  2. Boundary markers: No delimiters or ignore instructions are used when passing file content to tools.
  3. Capability inventory: Bash tool execution (omnicaptions, lai) and file reading.
  4. Sanitization: No explicit sanitization or validation of the input caption text is documented.