shorts-creator

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill is designed to ingest untrusted data (scene plans and lyrics) to automate video editing tasks. This creates a surface where malicious instructions embedded in these files could influence the agent's logic or downstream actions.
      • Ingestion points: scene-plan.json and lyrics files (referenced in SKILL.md).
      • Boundary markers: None. The instructions do not define delimiters or provide guidance to the agent on separating data from instructions.
      • Capability inventory: File writing and system command execution via FFmpeg.
      • Sanitization: No input validation or sanitization is performed on the data before it is used to construct command arguments.
  • [Data Exposure & Exfiltration] (LOW): The skill's error handling logic may inadvertently leak sensitive information.
      • Evidence: Both Python scripts capture and print the full stderr output from FFmpeg upon failure. If an attacker provides a path to a sensitive local file as the 'input video', the resulting FFmpeg error message could reveal file content snippets or metadata.
  • [Command Execution] (LOW): The skill executes FFmpeg via subprocess. While it uses the safer list-based argument passing method, the absence of input path validation by the scripts or agent instructions presents a risk of unauthorized file system probing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 09:04 PM