skills/zrong/skills/video-analyzer/Gen Agent Trust Hub

video-analyzer

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script scripts/analyze.py downloads video content from user-provided URLs using the httpx library and the yt-dlp utility.
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to execute the yt-dlp command-line tool for downloading and processing video streams from external platforms like YouTube or Bilibili.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
      • Ingestion points: scripts/analyze.py ingests untrusted data from external URLs and local file paths provided via the --video argument.
      • Boundary markers: The prompt construction lacks specific delimiters or instructions to ignore embedded commands within the video content or metadata.
      • Capability inventory: The script can execute subprocesses (yt-dlp), perform network requests (httpx), and communicate with AI model APIs.
      • Sanitization: No validation or sanitization of the video data or its source is performed before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 04:42 AM