benchmark-to-brief
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted research artifacts such as reports, tables, and comment analyses which may contain malicious instructions designed to influence agent behavior.
  - Ingestion points: Loading of artifacts like final reports and strategy tables as described in SKILL.md.
  - Boundary markers: The skill lacks specific delimiters or system-level instructions to ignore embedded prompts within the source data.
  - Capability inventory: The package includes scripts for shell execution (yt_dlp) and network communication (hosted media generation bridge).
  - Sanitization: No data validation or sanitization logic is present for the research inputs.
- [COMMAND_EXECUTION]: The script download_videos_from_manifest_with_ytdlp.mjs executes external commands with parameters derived from external data.
  - Evidence: It uses spawn to run python3 -m yt_dlp with source URLs from a manifest file. While using spawn is generally safer than exec, the reliance on untrusted URLs for command arguments represents a surface for argument injection.
Audit Metadata