video-understanding
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill documentation instructs the use of 'npx -y superconductor-gemini-skills'. This command downloads and executes a package from the npm registry that is not associated with a trusted organization or repository.
- [REMOTE_CODE_EXECUTION] (HIGH): By using 'npx' to execute untrusted code at runtime, the skill introduces a direct path for remote code execution if the external package contains malicious logic.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to indirect prompt injection. 1. Ingestion points: Accepts YouTube URLs and local video files via the --file argument in SKILL.md. 2. Boundary markers: No markers or explicit instructions to ignore embedded video content are present. 3. Capability inventory: The skill uses 'npx' and bash scripts to process content, providing a high-privilege execution environment for data retrieved from untrusted sources. 4. Sanitization: No sanitization of video transcripts or metadata is mentioned.
- [COMMAND_EXECUTION] (MEDIUM): The skill invokes a local bash script '${CLAUDE_PLUGIN_ROOT}/scripts/gemini.sh' using user-supplied file paths and environment variables, which could lead to command injection if arguments are not properly handled by the script.
Recommendations
- AI detected serious security threats
Audit Metadata