iopho-analyzing-videos
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes the python3 interpreter to run a local script (scripts/video_to_storyboard.py) and utilizes the ffmpeg utility for frame extraction tasks.- [EXTERNAL_DOWNLOADS]: Installs the google-generativeai package from the public registry via pip. This library is provided by a well-known and trusted technology company.- [PROMPT_INJECTION]: The skill presents a vulnerability surface for indirect prompt injection through the processing of untrusted video data.
- Ingestion points: Video files are uploaded to and processed by the Gemini API (SKILL.md).
- Boundary markers: No explicit delimiters or instructions to ignore embedded content within the video data are defined.
- Capability inventory: The skill can execute shell commands (python, ffmpeg, pip) and perform file system write operations.
- Sanitization: No sanitization or validation of the input video content or the resulting model output is specified.
Audit Metadata