after-effects

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill uses a bash runner (scripts/runner.sh) to execute After Effects ExtendScript files via the macOS osascript interface. This is a standard and necessary function for After Effects automation and follows best practices for inter-process communication.
  • [DATA_EXFILTRATION] (SAFE): The scripts read and write local files (e.g., project text, subtitles) but do not perform any network operations. Data exchange occurs through the /tmp directory, which is typical for local automation tools and poses no exfiltration risk.
  • [PROMPT_INJECTION] (SAFE): Several scripts ingest untrusted data from external files like CSV and SRT to populate After Effects layers. While this represents an indirect prompt injection surface, it is the primary intended function of the skill and the risk is mitigated by the restricted After Effects scripting environment.
    • Ingestion points: scripts/srt-import.jsx (SRT), scripts/comp-from-csv.jsx (CSV), and scripts/text-export-import.jsx (CSV).
    • Boundary markers: Absent. The scripts process content as raw text for layer population as per their design.
    • Capability inventory: The skill can manipulate AE projects and read/write local files via the ExtendScript File object.
    • Sanitization: Absent. Input text is applied directly to After Effects text layers without escaping, which is standard for this use case.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:10 PM