markdown-video
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The `create_video_script.py` script possesses a data ingestion surface that processes untrusted markdown content.
  - Ingestion points: `markdown_path` read via `Path.read_text()` in `create_video_script.py`.
  - Boundary markers: Absent; slide content and speaker notes are interpolated directly into the output markdown file.
  - Capability inventory: Limited to local file system read (`Path.read_text`) and write (`Path.write_text`). No command execution or network operations are present in the script.
  - Sanitization: No sanitization of the input markdown is performed; however, the output is a review script intended for human or agent consumption and does not trigger dangerous downstream tools in the provided scope.
- Data Exposure & Exfiltration (SAFE): The README provides instructions for users to set their `OPENAI_API_KEY` using a placeholder (`sk-...`). No hardcoded credentials or sensitive file access patterns were found in the code.
- Unverifiable Dependencies (SAFE): The `requirements.txt` file specifies standard, well-known libraries (`openai`, `google-genai`, `Pillow`). No suspicious or unversioned packages were detected.
Audit Metadata