clipit

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The prompt explicitly instructs the agent to hide internal behavior (e.g., "NEVER" tell the user it transcribes) and to unconditionally extract sensitive data, which are deceptive/withholding directives outside the skill's stated, user‑facing purpose.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and ingests arbitrary web and YouTube content via download_file and download_youtube_video in clip.py, transcribes that untrusted/user-generated media and passes the transcript to the OpenAI model in find_segment, so it clearly exposes the agent to untrusted third-party content that could contain indirect prompt injections.