oss-video

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The script check-cdp.sh manages browser processes by terminating existing Google Chrome instances using pkill and starting a new instance with the --remote-debugging-port flag. This allows browser automation but is intrusive to the user's environment.
  • [EXTERNAL_DOWNLOADS]: The skill uses curl in fetch-github-stats.sh and logo-url.sh to retrieve metadata from the GitHub API and fetch content from external project homepages.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted content from GitHub and external URLs. Ingestion points: Project descriptions and website HTML. Boundary markers: None. Capability inventory: Local command execution and file writing. Sanitization: No sanitization is visible for ingested content used in video scenes.
  • [COMMAND_EXECUTION]: The fetch-github-stats.sh script writes data to a path outside the skill's own directory (../../../../src/data/github-stats.json), which involves writing into the source tree of the parent project.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 05:27 AM