social-clips
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to perform several shell-based operations, including dependency installation with npm, media rendering using npx remotion and ffmpeg, and asset retrieval via curl.
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download user avatar images from Slack's official CDN (avatars.slack-edge.com). These downloads are restricted to image assets required for the video rendering process.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection due to its core functionality of processing external data.
- Ingestion points: Data enters the agent's context through the mcp__slack__slack_get_thread_replies tool call specified in SKILL.md.
- Boundary markers: No specific delimiters or instructions to ignore embedded commands within the fetched Slack messages are provided.
- Capability inventory: The environment allows for subprocess execution (remotion, ffmpeg), network access (curl), and file system modifications (writing TypeScript data files and deleting temporary assets).
- Sanitization: The implementation in src/components/slack/SlackMessageRow.tsx focuses on visual formatting (bolding, mentions) and lacks mechanisms to sanitize the raw text against potential instructions that could influence the agent during the data preparation phase.
Audit Metadata