concept-to-video
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's primary function is to generate and execute Python scripts using the Manim engine. Evidence: The workflow in SKILL.md describes designing a .py scene file and rendering it using scripts/render_video.py, which runs the code via subprocess.
- [COMMAND_EXECUTION]: The skill uses system-level commands to render videos and process audio files. Evidence: scripts/render_video.py invokes the manim CLI, and scripts/add_audio.py executes ffmpeg and ffprobe. Additionally, setup instructions in SKILL.md include apt-get install commands.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by processing untrusted user concepts into executable Python code. Ingestion points: User concepts (prompts) used to generate Manim .py files. Boundary markers: No explicit sanitization or delimiters for the generated code are mentioned. Capability inventory: Execution of Python code via Manim and system calls via FFmpeg through scripts/render_video.py and scripts/add_audio.py. Sanitization: Not explicitly implemented in the provided logic.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the Manim library and system-level multimedia dependencies. Evidence: SKILL.md instructs the user/agent to install system packages via apt-get and the manim Python package via pip.
Audit Metadata