process-video
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local script `pipeline.py` within a virtual environment. While this is the core functionality, the script's source is not provided in the skill manifest, making its internal logic unverified.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes text extracted via OCR from potentially untrusted video sources.
  1. Ingestion points: Data enters the context via `output/extracted_text.txt`.
  2. Boundary markers: No delimiters or specific instructions are provided to the agent to treat the OCR content as untrusted data.
  3. Capability inventory: The skill requests Bash, Read, and Write permissions, which could be exploited if an injection is successful.
  4. Sanitization: No sanitization or validation logic is specified for the extracted text before it is processed into an article.
Audit Metadata