automate-this
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various local system commands to process video files and fingerprint the environment.
- It utilizes ffmpeg, ffprobe, and whisper for media processing.
- It creates a dedicated temporary directory with restricted permissions (chmod 700) to store intermediate frames and audio.
- It performs environment fingerprinting by checking the OS version, shell type, and installed development tools (Python, Node, Homebrew).
- It includes a mandatory cleanup step to remove temporary files after processing.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external video recordings.
- Ingestion points: The skill reads a user-provided video file path and processes audio transcriptions generated from that file.
- Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard potentially malicious commands embedded within the video narration or text appearing in the frames.
- Capability inventory: The skill has the capability to run system commands, fingerprint the environment, and write/execute new automation scripts (Bash, Python, Node.js).
- Sanitization: The skill lacks mechanisms to sanitize or validate the content of the transcriptions before the agent uses them to reconstruct the workflow and propose automation code.