puresnap
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill includes a hardcoded API key (376454-087dd0budxxo) for the MeowLoad service in both SKILL.md and api-reference.md.
- [EXTERNAL_DOWNLOADS]: The skill transmits user-provided URLs to api.meowload.net and downloads files from external URLs returned by the API response.
- [COMMAND_EXECUTION]: The skill recommends using curl for API calls and file downloads, and ffmpeg for combining separate audio and video streams.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing untrusted data from the external API.
- Ingestion points: JSON response fields like 'text' and 'caption' from api.meowload.net (SKILL.md).
- Boundary markers: Absent; there are no instructions to the agent to distinguish between data and potential instructions in the API response.
- Capability inventory: Execution of curl and ffmpeg commands (SKILL.md).
- Sanitization: Absent; the skill does not specify validation or sanitization for external strings.
Audit Metadata