pine-visualizer
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Prompt Injection] (HIGH): The skill explicitly commands the agent to override standard safety guardrails and interactive consent layers. Instructions such as 'IMMEDIATELY run the video analyzer
- do not ask for permission' and 'DO NOT ask permission
- run analysis immediately' are direct attempts to bypass the agent's typical request-for-approval workflow for tool execution.
- [Command Execution] (MEDIUM): The skill triggers the execution of a local script (
tools/video-analyzer.py) using a user-provided string (YouTube URL) as a direct argument. This creates a command injection risk if the URL is not strictly validated before being passed to the shell. - [Indirect Prompt Injection] (LOW): The skill exhibits an indirect prompt injection surface by ingesting and acting upon untrusted data from YouTube transcripts.
- Ingestion points: YouTube transcripts and metadata processed via the
video-analyzer.pytool. - Boundary markers: Absent; the instructions do not specify any delimiters or warnings to ignore malicious instructions embedded within the transcripts.
- Capability inventory: Subprocess execution via
pythonand file writing toprojects/analysis/. - Sanitization: None mentioned; the skill assumes the transcript content is benign and proceeds directly to implementation planning based on the extracted concepts.
Recommendations
- AI detected serious security threats
Audit Metadata