Video Processor
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill utilizes a local Python script to execute FFmpeg and Whisper commands. These operations are restricted to multimedia processing and do not exhibit signs of arbitrary command execution or privilege escalation.
- EXTERNAL_DOWNLOADS (LOW): The instructions recommend installing `ffmpeg` through system package managers and `openai-whisper` via `pip`. As these involve trusted repositories (PyPI, Homebrew, Apt), the finding is downgraded to LOW per the trusted source policy.
- PROMPT_INJECTION (LOW): There is a risk of indirect prompt injection as the skill transcribes audio from external files. An attacker could embed spoken instructions in a video or audio file that, once transcribed, might attempt to influence the agent's behavior.
  - Ingestion points: Processes external files such as `input.mp4` and `audio.wav` (referenced in SKILL.md).
  - Boundary markers: No delimiters or instructions to ignore transcribed text are present in the provided documentation.
  - Capability inventory: The agent can run sub-processes and write various transcript/media files to the disk.
  - Sanitization: No sanitization of the transcription output is described in the workflow.
Audit Metadata