after-effects
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the bash tool to execute local runner scripts and the macOS osascript utility. This allows the agent to interact with the host operating system and control the Adobe After Effects application.
- [REMOTE_CODE_EXECUTION]: The skill's primary workflow involves generating ExtendScript (.jsx) files dynamically and executing them via osascript. This pattern allows for the execution of arbitrary code within the After Effects environment based on agent-generated logic.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from multiple sources.
  - Ingestion points: Data is read from project metadata (layer names and composition names via active-state.jsx), external CSV files (comp-from-csv.jsx), and SRT subtitle files (srt-import.jsx).
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are used when interpolating this data into scripts.
  - Capability inventory: The skill can write files to the filesystem and execute shell commands (bash, osascript).
  - Sanitization: There is no evidence of sanitization or validation of the external content before it is incorporated into the generated ExtendScript code.
- [EXTERNAL_DOWNLOADS]: The skill requires the user to enable "Allow Scripts to Write Files and Access Network" in After Effects preferences. This configuration allows any script executed by the agent to perform network requests and modify local files, expanding the potential impact of a malicious script.
Audit Metadata