plex
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [DATA_EXFILTRATION]: The script accesses a
.envfile to retrieve thePLEX_TOKEN. This is the documented and intended method for the skill to obtain credentials needed for its core functionality. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it retrieves and returns media metadata (such as titles, summaries, and descriptions) from external sources including the local Plex server and the plex.tv cloud API.
- Ingestion points:
scripts/plex_cli.pyvialibraries,search,recently-added,metadata, andwatchlistcommands. - Boundary markers: Absent. The metadata is included as raw strings in the JSON response without explicit delimiters or instructions for the agent to ignore embedded commands.
- Capability inventory: Can trigger library scans via
refresh-sectionand performs network requests to the Plex server and plex.tv cloud API. - Sanitization: Summaries are truncated to 200 characters in the
watchlistcommand, but no other content filtering or validation for instructions is performed.
Audit Metadata