watch

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection due to the ingestion of untrusted external content.
  • Ingestion points: Video metadata (titles, descriptions) and captions are fetched from YouTube and incorporated into prompts in scripts/transcribe.ts.
  • Boundary markers: The skill employs triple-backtick fenced JSON blocks to encapsulate the untrusted metadata within the prompt sent to the LLM, which provides structural isolation.
  • Capability inventory: The skill has the ability to write files to the local memory/learnings directory and issue browser commands (create tab, chat, select model) via an MQTT broker.
  • Sanitization: Metadata is parsed as JSON objects before being serialized into the prompt string, which makes it harder for a value to break out of the data structure; however, no filtering is applied for instruction-like text inside the values themselves.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 02:41 AM