rip-video
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The skill reads file paths and task metadata from 'todolist.md', which could be manipulated by an external source.
- Ingestion points: Processes 'todolist.md' for video IDs and file paths.
- Boundary markers: Absent; there are no delimiters or instructions to ignore embedded malicious text within the ingested data.
- Capability inventory: Calls the 'rip_video' MCP service and updates local files.
- Sanitization: No validation or escaping of the parsed strings is performed before they are used in tool calls or file system operations.
Audit Metadata