video-clip-extractor

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). Yes — these are suspicious because the instruction tells you to run a remote install script (curl https://astral.sh/uv/install.sh | sh) and to clone a repository from an unvetted GitHub user (linzzzzzz), which together allow execution of arbitrary code from untrusted sources.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The orchestrator explicitly downloads videos and platform subtitles from public sites (Bilibili/YouTube) as part of its required workflow (see "Execution" source argument and "Workflow" step 1), then feeds those transcripts into an LLM to identify and select clips, so untrusted user-generated content can influence analysis and tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's setup explicitly fetches and executes remote code — e.g. "curl -LsSf https://astral.sh/uv/install.sh | sh" and "git clone https://github.com/linzzzzzz/openclip.git ~/.local/share/openclip" — and the cloned repository and installed tool are required dependencies that will be executed at runtime, so these URLs directly control code run by the skill.