video-clip-extractor

Fail

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches the uv installation script from astral.sh, which is a well-known developer tool provider. It also clones the openclip tool directly from the author's GitHub repository.
  • [COMMAND_EXECUTION]: The skill uses bash commands to sync project dependencies and execute the video_orchestrator.py Python script for video highlight extraction.
  • [PROMPT_INJECTION]: The skill includes an indirect prompt injection surface because it processes untrusted transcripts and user-defined intent through an LLM.
      1. Ingestion points: Video files, platform subtitles, and the --user-intent parameter.
      2. Boundary markers: No specific delimiters or instructions are used to isolate the video content from the system prompt.
      3. Capability inventory: The skill has the ability to clone repositories, install packages, and execute local scripts.
      4. Sanitization: There is no documentation of content filtering or sanitization for ingested transcripts.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 12, 2026, 06:41 AM