parse-video
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (HIGH): The skill demonstrates a significant attack surface for indirect prompt injection.
  - Ingestion points: The `todolist.md` file, which contains user-controlled URLs (e.g., `xhslink.com`) and file paths.
  - Boundary markers: Absent. The skill extracts data directly from the markdown file without delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill can write files to the local system (`save_json`) and invoke external tools (`mcp_download_video`) to download binary data.
  - Sanitization: None. The URLs and VideoIDs are used directly in file paths and tool arguments without validation.
- External Downloads (HIGH): The skill performs network operations to fetch video content and metadata based on untrusted input from `todolist.md`. While it uses an MCP service as an intermediary, the source data is external and potentially malicious.
- Command Execution (MEDIUM): Although the snippets show Python-like pseudocode, the logic involves calling sub-services (MCP) with parameters derived from untrusted external sources, which could lead to argument injection in the underlying tool implementation.
Recommendations
- AI detected serious security threats