bilibili-render-pdf
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions specify the use of command-line tools for functional tasks, including
yt-dlpfor video and subtitle retrieval andwhisperfor audio transcription. - [EXTERNAL_DOWNLOADS]: The skill fetches video metadata, thumbnails, and subtitles from Bilibili domains (
bilibili.comandb23.tv). These are legitimate external resources required for the primary function. - [PROMPT_INJECTION]: The skill processes untrusted external content (Bilibili subtitles and Whisper-generated transcripts) and incorporates it into a LaTeX document that is subsequently compiled. This creates a surface for indirect prompt injection.
- Ingestion points: Bilibili subtitles and transcription files (SKILL.md).
- Boundary markers: None explicitly mentioned for the subtitle content within the LaTeX template.
- Capability inventory: Shell access for
yt-dlp,whisper, and LaTeX compilation. - Sanitization: No specific filtering or sanitization rules for subtitle content are mentioned before insertion into the
.texfile.
Audit Metadata