motion-graphic-director
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes a bundled Python script scripts/srt_to_script.py to transform SRT subtitles into Markdown. Analysis of the script confirms it uses standard libraries (re, os, sys) and does not perform network operations or access sensitive system paths.
- [PROMPT_INJECTION] (LOW): The skill possesses an indirect prompt injection surface because it ingests untrusted data from subtitle files.
  - Ingestion points: scripts/srt_to_script.py reads user-supplied SRT files.
  - Boundary markers: Absent. The agent is directed to use the converted script text directly for design ideation without explicit warnings to ignore embedded instructions.
  - Capability inventory: Subprocess execution (local python script), file system write access (video-design-[name].md), and subsequent code generation capabilities.
  - Sanitization: The conversion script strips technical tags (HTML/ASS) but does not filter for natural language instruction overrides.
Audit Metadata