video-wrapper
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill documentation specifies the installation of the Chromium browser via `playwright install`. It also references CSS from `fonts.googleapis.com`. These are trusted sources according to the TRUST-SCOPE-RULE.
- COMMAND_EXECUTION (MEDIUM): The skill utilizes the Bash tool for system-level setup and rendering operations, which is a powerful capability that could be abused if the agent is misled.
- PROMPT_INJECTION (MEDIUM): The skill is vulnerable to Indirect Prompt Injection through its subtitle processing workflow.
  - Ingestion points: Untrusted data is ingested from user-provided `.srt` files and analyzed to generate video overlay content.
  - Boundary markers: Absent; there are no clear delimiters or instructions to ignore embedded commands within the subtitle text.
  - Capability inventory: The skill has access to Bash, Read, and Write tools, as well as JavaScript execution within a browser renderer.
  - Sanitization: The template `bullet-points.html` uses `.innerHTML` to render points extracted from the subtitle analysis, creating an XSS surface where malicious subtitle content could execute code in the Playwright environment to probe the local system.
Audit Metadata