video-understand
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill is a well-structured framework for video analysis. It relies on official APIs (Google, OpenAI, Groq, etc.) and established open-source libraries, ensuring a secure and reliable operation.\n- [COMMAND_EXECUTION] (SAFE): System commands for video processing (ffmpeg, yt-dlp, ffprobe) are executed using best practices, such as passing arguments as lists rather than strings. This effectively mitigates shell injection vulnerabilities. These operations are essential for the skill's core purpose.\n- [CREDENTIALS_UNSAFE] (SAFE): The skill correctly implements credential handling by using environment variables. It avoids hardcoding secrets and provides clear, safe instructions for users to configure their own API keys.\n- [EXTERNAL_DOWNLOADS] (SAFE): Dependency installation and media downloading are performed through standard, reputable channels (PyPI, official repositories). No untrusted third-party binaries or scripts are involved.\n- [PROMPT_INJECTION] (LOW): The skill has an indirect prompt injection surface as it processes untrusted video and audio data from external sources.\n
- Ingestion points: Data entering through
process_video.py(documented) originates from user-supplied URLs (e.g., YouTube) or local files.\n - Boundary markers: The prompt templates in
references/gemini.mddo not include explicit separators or warnings to ignore commands embedded in the media content.\n - Capability inventory: The skill uses
subprocess.runto interact with system utilities for media extraction and conversion.\n - Sanitization: No specific sanitization or filtering of transcript text is documented before it is passed to the LLM for analysis.\n
- Refinement: Since this surface is inherent to the primary function of the tool and relies on provider-level safeguards, the severity is dropped to SAFE.
Audit Metadata