tmdb
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to execute a local Python script at
scripts/tmdb.pyusing theuvtool to handle movie database queries and personalization.- [PROMPT_INJECTION]: The skill ingests data from external APIs and user history, which creates a theoretical surface for indirect prompt injection common to search and recommendation tools. 1. Ingestion points: Data is retrieved from the TMDb API, Plex watch history, and user preferences stored in the ppl.gift CRM. 2. Boundary markers: No specific delimiters are defined in the instruction file to separate external metadata from system instructions. 3. Capability inventory: The skill executes local Python scripts to fetch and display movie information and manage user preferences. 4. Sanitization: No sanitization or filtering of the external metadata is explicitly described in the provided markdown file.
Audit Metadata