muapi-youtube-shorts
Warn
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The orchestrator script 'scripts/run-youtube-shorts.sh' executes several system commands including 'muapi', 'yt-dlp', 'ffmpeg', and 'jq'. User-provided input from the '--source' argument is passed to these utilities.- [DATA_EXFILTRATION]: The skill reads the '.env' file from the skills root directory to load configuration variables. It also uploads local or downloaded video files to the external 'muapi.ai' service using the 'muapi upload' command.- [EXTERNAL_DOWNLOADS]: The skill uses the 'yt-dlp' utility to download video content from remote URLs specified by the user.- [PROMPT_INJECTION]: The skill processes external video transcripts which are subsequently analyzed by an LLM for highlight ranking, creating a potential surface for indirect prompt injection.
- Ingestion points: Video content and transcripts derived from the 'source' URL.
- Boundary markers: None identified in the provided scripts.
- Capability inventory: Execution of 'muapi', 'yt-dlp', and 'ffmpeg' via shell.
- Sanitization: No explicit validation or sanitization of transcript content before LLM analysis.
Audit Metadata