bilibili-to-obsidian
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs well-known third-party utilities yt-dlp and ffmpeg, and the author's vendor package @wangjs-jacky/video2text for processing video and text data.
- [COMMAND_EXECUTION]: Utilizes system commands to fetch video metadata, extract subtitles, and manage directory structures within the user's local Obsidian vault.
- [PROMPT_INJECTION]: Subject to indirect prompt injection risks due to processing external content.
  - Ingestion points: Metadata and subtitles extracted from Bilibili videos, which originate from untrusted third-party sources.
  - Boundary markers: Lacks explicit delimiters or instructions to ignore embedded commands when the agent processes the extracted text for summarization.
  - Capability inventory: Can execute command-line tools and perform write operations on the local file system.
  - Sanitization: Does not implement validation or filtering for the extracted video content before use in subsequent tasks.
Audit Metadata