analyze-video
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM | PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill processes untrusted data from two sources: existing audio transcripts (JSON) and visual descriptions extracted from video frames. An attacker could embed instructions within a transcript's 'text' field or via visual content (OCR/steganography) that the agent interprets while 'incrementally editing' the visual_video.json file. While the skill's capabilities are limited to file manipulation and ffmpeg, a successful injection could lead to unauthorized file deletions beyond the intended tmp directory or deceptive transcript modifications.
  - Ingestion points: `libraries/[library]/transcripts/video.json` (via copy and read) and `tmp/frames/[video_name]/*.jpg` (via Read tool).
  - Boundary markers: Absent. The instructions do not specify delimiters to separate untrusted transcript text from agent instructions.
  - Capability inventory: `cp`, `rm -rf`, `mkdir`, `ffmpeg` (via subprocess), and `File.write` (via Ruby script).
  - Sanitization: Absent. The Ruby script `prepare_visual_script.rb` performs structural cleanup (deleting keys) but does not sanitize the content of the 'text' or 'visual' strings.
- [Command Execution] (LOW): The skill uses `ffmpeg` and `rm -rf`. While potentially dangerous, these are used on specific paths (`tmp/frames/`) and are necessary for the skill's functionality. The use of `rm -rf` on a path containing a variable `[video_name]` is a minor concern if the variable is not properly sanitized, though it is typically scoped to a temporary directory.