Video Processor
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The instructions direct the agent to perform system-level package installations using 'apt-get install' and 'brew install'. These operations require elevated privileges and modify the host system environment.
- [PROMPT_INJECTION] (LOW): The skill performs transcription of user-provided audio and video files, creating a surface for Indirect Prompt Injection. Spoken instructions within the media could be processed as commands by the agent. 1. Ingestion points: Media files (MP4, AVI, WAV) processed in scripts/video_processor.py. 2. Boundary markers: Absent; transcribed text is written to files without delimiters. 3. Capability inventory: Script execution via 'uv run' and file system access. 4. Sanitization: None mentioned for transcription outputs.
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires downloading 'openai-whisper' from PyPI and 'ffmpeg' from system repositories. While these are trusted sources under [TRUST-SCOPE-RULE], they involve runtime package acquisition.
Audit Metadata