news-digest-video-agent
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from news articles and social media profiles to generate narrated scripts.\n
- Ingestion points: The agent uses
browser-useto extract text from news sites (BBC, AP News, etc.) and X.com profiles (detailed in AGENTS.md).\n - Boundary markers: There are no explicit delimiters or instructions provided to the agent to separate untrusted web content from its core instructions.\n
- Capability inventory: The skill utilizes shell command execution for media processing (
ffmpeg) and network access via thevideodbSDK to upload content.\n - Sanitization: No sanitization or filtering of the retrieved web content is specified before the agent processes it for script writing.\n- [COMMAND_EXECUTION]: Potential for shell command injection in media processing instructions.\n
- The instructions in
AGENTS.md(Step 5) direct the agent to executeffmpegcommands using a file path (outputs/<topic-slug>/...) that incorporates a variable (topic-slug) derived from user-provided input. If the agent does not properly sanitize the topic before generating the slug, it could lead to arbitrary command execution.\n- [EXTERNAL_DOWNLOADS]: Fetches external skill configuration during setup.\n - The setup instructions in
SKILL.mdandREADME.mddownload thebrowser-useskill definition from its official GitHub repository (github.com/browser-use/browser-use).
Audit Metadata