human-extractor
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The script
scripts/run_extraction.pyusessubprocess.runto invoke Python modules from an external, untrusted path (G:\My Drive\PROJECTS\APPS\Human_Detection). This allows the agent to execute code within the context of an external project structure that is not part of the skill itself. - INDIRECT_PROMPT_INJECTION (HIGH): The skill possesses a high-privilege attack surface as it processes external, untrusted data (MP4 videos and CSV manifests) while maintaining write and delete permissions on the host filesystem.
- Ingestion points: Video files located in
config["roots"]and metadata fromMANIFEST.csvandINDEX.csv. - Boundary markers: Absent. There are no delimiters used to separate processed data from instructions, allowing potential embedded instructions in metadata to influence agent logic.
- Capability inventory: Includes subprocess execution (
subprocess.run), file creation/writing, and file deletion (--delete-original). - Sanitization: No sanitization or validation of the video stream or CSV content is performed prior to processing.
- PRIVILEGE_ESCALATION (MEDIUM): The configuration allows a
delete_originalflag. If an attacker influences therootsparameter or tricks the agent into enabling this flag, it could lead to unauthorized mass deletion of files on the system. - DATA_EXPOSURE (MEDIUM): The skill is designed to operate on sensitive dashcam footage and tracking data within local directories (
INVESTIGATION/DASHCAM), which may contain private identifiable information (PII).
Recommendations
- AI detected serious security threats
Audit Metadata