bilibili-chapter-generator
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): Potential shell command injection via unvalidated file paths in SKILL.md.
  - The workflow in Step 2 executes python3 ~/.claude/skills/srt-to-structured-data/scripts/parse_srt.py "<srt_file_path>" --stats.
  - Because the <srt_file_path> is interpolated directly into the command string, a malicious user can provide a path like "; rm -rf /; " to execute arbitrary shell commands.
- [PROMPT_INJECTION] (LOW): Risk of indirect prompt injection through untrusted subtitle data ingestion.
  - Ingestion points: Reads external .srt files provided by the user (SKILL.md Step 1).
  - Boundary markers: Absent; the skill does not wrap content in delimiters or warn the agent about embedded instructions.
  - Capability inventory: Subprocess execution via python3 (SKILL.md Step 2).
  - Sanitization: None; the skill lacks validation for the input path or the contents of the SRT file before processing.
Recommendations
- AI detected serious security threats