repurpose
Warn
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a template for shell commands that directly incorporates user input. The command `yt-dlp "[URL]"` in `SKILL.md` is vulnerable to shell injection if the URL parameter is not strictly validated or escaped. An attacker could provide a crafted URL string containing command separators (e.g., `;`, `&`, `|`) to execute unauthorized commands in the user's environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing untrusted data from external sources. It transcribes audio from reels and uses the resulting text to generate a new script, creating a path for malicious instructions embedded in the audio to influence the agent.
  - Ingestion points: Reading transcription text from `/tmp/repurpose_reel.txt` (generated from an external media file via `whisper`).
  - Boundary markers: Absent. There are no specific delimiters or instructions to the LLM to ignore potentially adversarial content within the transcription.
  - Capability inventory: Access to shell commands (`yt-dlp`, `whisper`, `rm`) and local file operations within the `~/.claude/skills/repurpose/` directory.
  - Sanitization: No sanitization or filtering of the transcription output is performed before it is included in the LLM prompt.
Audit Metadata