gif-generation
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on standard command-line tools like
ffmpeg,ffprobe,file, andduto perform media processing. These commands are used according to their intended purpose and are safe within this context. - [PROMPT_INJECTION]: The skill processes untrusted input in the form of video files, which presents a surface for indirect prompt injection. * Ingestion points: External media files provided to the
$INPUT_FILEvariable inSKILL.md. * Boundary markers: None present to distinguish data from instructions for the agent. * Capability inventory: The skill executes shell commands (ffmpeg,ffprobe) on the input files. * Sanitization: The script uses double-quoting for variables (e.g.,"$INPUT_FILE") which helps prevent command injection via malicious filenames.
Audit Metadata