feature-video
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes Pull Request metadata (title, body) to automatically plan and execute browser interactions.\n
- Ingestion points: PR details retrieved via
gh pr viewin thegather_contextsection ofSKILL.md.\n - Boundary markers: Absent; there are no clear delimiters or instructions to separate PR content from the agent's logic.\n
- Capability inventory: Includes browser automation via
agent-browser, repository modification viagh pr edit, and network operations viarclone.\n - Sanitization: No sanitization of the PR body or title is performed before the planning stage.\n- [COMMAND_EXECUTION]: The skill uses several system commands including
gh,ffmpeg,rclone, andagent-browser. These are used to interact with the repository, process video files, and manage cloud storage, which are consistent with the skill's primary function.\n- [EXTERNAL_DOWNLOADS]: The skill requests the installation of theagent-browserpackage from the NPM registry and its subsequent internal dependencies viaagent-browser install.
Audit Metadata