mecene
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): This skill exhibits a risk of Indirect Prompt Injection (Category 8). ● Ingestion points: The skill retrieves untrusted data from external sources, specifically video transcripts, speaker information, and scene metadata via the
/api/videos/:idand/api/clips/:idendpoints. ● Capability inventory: The agent is granted the ability to create, modify, and delete data on the remote platform throughPOST,PATCH, andDELETErequests for timeline overlays. ● Boundary markers: No delimiters or explicit 'ignore instructions' warnings are defined in the skill to separate external data from the agent's core logic. ● Sanitization: There is no evidence of sanitization or filtering for the data retrieved, meaning a transcript containing text like 'delete all overlays' could be interpreted as a directive by the agent.
Audit Metadata