loom-transcript
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill instructs the agent to execute
curlcommands inbashusing interpolated values from user input (<VIDEO_ID>) and API responses (<url>). This pattern lacks explicit sanitization or validation instructions, creating a potential risk for command injection if the agent processes malformed or malicious strings. - [EXTERNAL_DOWNLOADS] (LOW): The skill makes multiple network requests to fetch video metadata and transcript files from
loom.comand other URLs provided by the API. This involves downloading and processing untrusted external content. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection. Ingestion points: video transcripts downloaded from external URLs (Step 4). Boundary markers: None provided in the presentation logic (Step 5). Capability inventory: Shell execution capabilities (
bash,curl). Sanitization: None. The agent is directed to present the full transcript text, which could contain hidden instructions designed to hijack the agent's session or influence its behavior.
Audit Metadata