audio-extract
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill utilizes shell commands to perform its core function of audio processing. It uses double-quoted variables in its templates and mandates that the agent displays the full command for user approval before execution.\n- PROMPT_INJECTION (SAFE): The skill exhibits an indirect prompt injection surface as it processes external video metadata through ffprobe. However, this is considered safe due to the interaction design.\n
- Ingestion points: ffprobe metadata output in Step 1.\n
- Boundary markers: Absent for ffprobe output.\n
- Capability inventory: Shell command execution (ffmpeg, ffprobe) in SKILL.md.\n
- Sanitization: Absent; the risk is mitigated by the AskUserQuestion step and the final human-in-the-loop command preview.
Audit Metadata