demo-video
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates a local shell script (build.sh) designed to coordinate media processing tools. This script is constructed using parameters derived from user-supplied scene descriptions and narration text, which could be exploited for command injection if the input is malicious.
- [EXTERNAL_DOWNLOADS]: The documentation references an external repository (github.com/vaddisrinivas/framecraft) and the author's own repository (github.com/alirezarezvani/claude-skills). The former is a third-party source not listed as a trusted vendor or well-known service.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Untrusted data enters the agent context via user-provided scene descriptions and screenshots (Ingestion points). The skill does not use delimiters or instructions to ignore embedded commands within this data (Boundary markers). Its capabilities include generating executable shell scripts and writing files to the local system (Capability inventory), and there is no evidence of sanitization or escaping of the user-provided content before interpolation (Sanitization).
Audit Metadata