NYC

video-delivery-coach

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The requirements.txt file lists several third-party libraries such as 'deepface' and 'faster-whisper' that are not from trusted organizations. These libraries are known to download large binary model weights from external sources at runtime.
  • COMMAND_EXECUTION (LOW): The skill instructs the agent to execute a local script 'scripts/analyze_video.py'. Since the script source code is not included in the provided files, its internal behavior and safety cannot be verified.
  • PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection through its video processing pipeline.
      • Ingestion points: Processes user-provided video files into text transcripts and facial metrics.
      • Boundary markers: No delimiters or safety instructions are documented for the data passed to the LLM.
      • Capability inventory: Executes shell commands and utilizes an API key.
      • Sanitization: No sanitization of the generated transcripts is mentioned.
  • CREDENTIALS_UNSAFE (SAFE): The skill correctly uses environment variables for the ANTHROPIC_API_KEY and contains no hardcoded secrets.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:13 PM