videodb-skills
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads the 'videodb' and 'python-dotenv' packages from PyPI and additional skill components via 'npx'.
- [COMMAND_EXECUTION]: Setup requires running shell commands such as 'pip install' and 'npx' to install the SDK and configure the skill.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection (Category 8) due to the processing of untrusted media content from external URLs and YouTube. Ingestion points: YouTube links, web URLs, and local video files (SKILL.md). Boundary markers: No explicit delimiters or instructions are used to isolate untrusted video transcripts or metadata from the agent's system instructions. Capability inventory: Supports uploading, searching, editing, and generating content based on external inputs (SKILL.md). Sanitization: Lacks documented sanitization for ingested transcripts or visual data.
Audit Metadata