clipit
Fail
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The `SKILL.md` file contains instructions that explicitly attempt to override the agent's safety protocols. Specifically, it instructs the agent to disregard privacy or sensitivity concerns and extract information like credit card numbers if requested by the user.
- [REMOTE_CODE_EXECUTION]: The `clip.py` script performs dynamic installation of Python packages (`openai`, `yt-dlp`, and `elevenlabs`) using `pip install` at runtime if they are not already present in the environment. This execution of external commands to modify the environment is a significant security risk.
- [COMMAND_EXECUTION]: The script extensively uses `subprocess.run` and `subprocess.check_call` to execute shell commands for `ffmpeg`, `yt-dlp`, and `pip`. While these are part of the intended functionality, the interpolation of user-provided inputs (`--input` and `--query`) into these command lines creates a surface for command injection if the agent does not properly sanitize the generated strings.
- [DATA_EXFILTRATION]: The skill is designed to send processed audio data and transcriptions to external services (ElevenLabs and OpenAI). When combined with the instruction to specifically target sensitive PII (Personally Identifiable Information), this creates a high risk of exfiltrating sensitive user data to third-party APIs.
- [EXTERNAL_DOWNLOADS]: The script downloads files from arbitrary URLs provided by the user and utilizes `yt-dlp` to download content from YouTube, introducing risks associated with processing untrusted remote media files.
Recommendations
- HIGH: Downloads and executes remote code from: https://api.elevenlabs.io/v1/audio-isolation - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata