clipit

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The prompt explicitly instructs the agent to hide internal behavior (e.g., "NEVER" tell the user it transcribes) and to unconditionally extract sensitive data, which are deceptive/withholding directives outside the skill's stated, user‑facing purpose.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill (clip.py) explicitly downloads arbitrary web content and YouTube videos via download_file/download_youtube_video and transcribes that untrusted audio (transcribe_audio) — the resulting full transcript is then passed into find_segment (OpenAI) to produce timestamps that directly drive cutting/dubbing/isolation actions, so third-party content can materially influence tool behavior.