chromecast
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: No security issues detected. The skill uses a legitimate, well-known utility ('catt') for its intended purpose of controlling local network devices.
- [EXTERNAL_DOWNLOADS]: Installs the 'catt' package from the Python Package Index (PyPI), a standard and well-known software registry. This is consistent with the skill's stated purpose and is considered safe.
- [COMMAND_EXECUTION]: The skill relies on executing the 'catt' command-line interface to interact with Chromecast devices for discovery, playback control, and media casting.
- [PROMPT_INJECTION]:
  - Ingestion points: The skill accepts URLs as input for commands like 'catt cast' and 'catt cast_site'.
  - Boundary markers: None are present in the provided examples to delimit user-supplied data.
  - Capability inventory: Execution of the 'catt' CLI tool, which internally uses 'yt-dlp'.
  - Sanitization: No explicit sanitization or validation of input URLs is described within the skill instructions.

  This presents a potential surface for indirect prompt injection, which is a common risk for tools that process external content, but it is intrinsic to the skill's primary function.
Audit Metadata