captions

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [Persistence Mechanisms] (HIGH): The skill documentation explicitly states that the setup script saves the API key to the user's shell profile. Modifying shell configuration files such as .bashrc or .zshrc is a persistence technique that can be abused to execute arbitrary commands upon login.
  • [Indirect Prompt Injection] (MEDIUM): The skill processes untrusted transcripts from an external API.
      1. Ingestion points: The transcript text returned from transcriptapi.com.
      2. Boundary markers: Absent; the agent is expected to process the text directly for content review and translation.
      3. Capability inventory: Reading, quoting, and translating content which influences agent reasoning.
      4. Sanitization: Absent; no filtering of malicious instructions within subtitles is performed.
  • [Command Execution] (MEDIUM): The skill instructs the agent to execute a local JavaScript file './scripts/tapi-auth.js' for registration and verification. The logic of this script is not provided for security auditing.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:15 AM