search-video-on-web-and-gen
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- Command Execution (HIGH): The scripts/download_video.sh script is vulnerable to shell command injection. The $QUERY variable is interpolated within a double-quoted string ("ytsearch${COUNT}:${QUERY}"), allowing subshell execution (e.g., $(id)) if the query is derived from untrusted input.
- Dynamic Execution (HIGH): scripts/generate_tts.sh uses a shell HEREDOC to construct and execute a Python script. Shell variables like $VOICE are interpolated into the Python source code by the shell before execution, leading to both shell command injection and Python code injection risks.
- Command Execution (MEDIUM): scripts/render_all.sh executes a Python snippet via python3 -c that interpolates the $SCENES_FILE variable directly into a string. A malicious filename could trigger Python code execution.
- Indirect Prompt Injection (LOW): The skill is highly vulnerable to indirect injection as it processes scenes.json, which is intended to be generated by an agent.
  - Ingestion points: scenes.json is parsed by multiple scripts to extract IDs, text, and search queries.
  - Boundary markers: None; the scripts treat the JSON content as trusted.
  - Capability inventory: Full system access via ffmpeg, yt-dlp, and npx remotion subprocess calls.
  - Sanitization: No validation or escaping is performed on the data extracted from the JSON before it is used in shell commands.
- External Downloads (LOW): The skill downloads media from YouTube and other external sources using yt-dlp and curl. While intended, the lack of sanitization on search queries makes these operations dangerous.
Recommendations
- AI detected serious security threats
Audit Metadata