after-effects
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and executes ExtendScript files via the osascript and bash tools to control Adobe After Effects. This is a standard and necessary mechanism for the skill's primary function of professional automation.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests data from external CSV and SRT files which could potentially influence agent behavior. Ingestion points: Scripts such as comp-from-csv.jsx and srt-import.jsx read user-provided external files. Boundary markers: No explicit markers or instruction-ignoring delimiters are implemented. Capability inventory: The skill has the ability to write files and perform significant project-level modifications in After Effects. Sanitization: Limited to basic format parsing within the JSX scripts.
Audit Metadata