_video-watching
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill uses shell commands to run the vcsi utility. By accepting user-provided paths as command arguments without explicit sanitization instructions, it exposes a high risk of command injection.
- INDIRECT_PROMPT_INJECTION (HIGH): The skill processes untrusted input in the form of file paths and video metadata. 1. Ingestion points: Video file paths. 2. Boundary markers: None. 3. Capability inventory: Execution of vcsi via subprocess. 4. Sanitization: No sanitization or validation logic is specified in the skill.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill relies on the third-party Python package vcsi, which is not from a predefined trusted source.
Recommendations
- AI detected serious security threats
Audit Metadata