Skills
skills/coltonbatts/vcr/vcr-style-skill-template/Gen Agent Trust Hub

vcr-style-skill-template

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to use the vcr command-line tool for validating manifests (vcr check), rendering frames (vcr render-frame), and building video files (vcr build). these operations are essential to the primary function of the skill.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted data from external files that influence its output and operations.
  • Ingestion points: The skill reads configuration from references/style_tokens.yaml and scene definitions from user-provided .vcr files.
  • Boundary markers: No delimiters or explicit instructions are provided to ignore embedded commands or instructions within the text fields of the data files.
  • Capability inventory: The skill reads local files and executes shell commands via the vcr tool, which could be influenced by the data it processes.
  • Sanitization: No input validation, escaping, or sanitization of the content from the YAML or VCR files is mentioned in the workflow.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 07:47 PM