video-summarize

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill passes user-provided video IDs directly into a Bash command string without sanitization. This allows an attacker to execute arbitrary shell commands by providing a malicious video ID containing shell metacharacters (e.g., '; rm -rf /').
  • [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection as it ingests and processes untrusted YouTube transcripts.
    • Ingestion points: YouTube transcripts and metadata fetched via the helper script.
    • Boundary markers: No delimiters or instructions are used to separate external content from the agent's logic.
    • Capability inventory: The skill has access to 'Bash', 'Write', 'Read', and 'Edit' tools, which provides a large attack surface for a hijacked agent.
    • Sanitization: There is no evidence of transcript content validation or filtering. A transcript containing malicious instructions could trick the agent into misusing its toolset to modify the vault or execute shell commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 04:30 AM