Skills
skills/jykim/claude-obsidian-skills/video-full-process/Gen Agent Trust Hub

video-full-process

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The remap_chapters.py script uses subprocess.run to call ffmpeg for embedding metadata into video files. The command is executed by passing a list of arguments rather than a shell string, which is a secure practice that prevents shell injection attacks.
  • [DATA_EXPOSURE] (SAFE): The skill requires an OPENAI_API_KEY to function, which is standard for AI-based transcription tools. There are no patterns suggesting hardcoded credentials, unauthorized file access, or data exfiltration to external domains.
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill relies on well-known and trusted dependencies (openai via pip and ffmpeg via the system). It does not perform any dynamic or unauthorized remote code downloads.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests JSON-formatted chapter and pause data. While this represents a data ingestion surface, the data is processed mathematically (timestamp remapping) or used as static metadata for FFmpeg. There is no evidence that this data is interpolated into subsequent LLM prompts in a way that could trigger instruction override.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:31 PM