opusclip

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/opusclip script executes system commands including curl, jq, and ffmpeg to facilitate API interaction and local media processing. It also uses open (macOS) or xdg-open (Linux) to automatically open generated HTML previews and storyboard images in the user's default applications.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its preview generation feature. Metadata fetched from the external OpusClip API (which may originate from untrusted video sources like YouTube) is interpolated into a local HTML file without sanitization. This allows malicious content embedded in video titles or descriptions to execute in the user's browser context.
      • Ingestion points: scripts/opusclip (line 544) retrieves clip data including titles and descriptions from https://api.opus.pro/api.
      • Boundary markers: No boundary markers or 'ignore' instructions are used when processing the API response.
      • Capability inventory: The skill possesses network access (curl), file system write access (/tmp), and the ability to launch browser sessions (open/xdg-open).
      • Sanitization: There is no evidence of HTML escaping or sanitization for the $project_title, $cards, or $desc variables before they are written to the HTML preview template.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 02:47 AM