Skills
skills/athola/claude-night-market/media-composition/Gen Agent Trust Hub

media-composition

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill orchestrates the use of ffmpeg and yq to process and combine media assets based on user-provided manifests.
  • [COMMAND_EXECUTION]: The manifest schema includes a requires field intended for executing arbitrary commands prior to media generation, which represents a potential vector for command injection if the manifest source is untrusted.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface where it ingests data from external manifest.yaml files and interpolates the content into shell commands and loops.
  • Ingestion points: Manifest files parsed via yq in SKILL.md.
  • Boundary markers: Absent; the skill does not use delimiters or warnings to ignore instructions within the processed files.
  • Capability inventory: Execution of ffmpeg, yq, and potentially arbitrary shell commands via the requires manifest field.
  • Sanitization: No explicit validation or escaping of manifest content is performed before interpolation into shell execution contexts.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 13, 2026, 11:26 PM