promo-video
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes ffmpeg and ffprobe for video scaling and metadata verification, and npx playwright for browser-based gameplay recording.
- [EXTERNAL_DOWNLOADS]: References the installation of @playwright/test and ffmpeg from official package registries as required dependencies.
- [COMMAND_EXECUTION]: Dynamically generates a local JavaScript execution script (capture-promo.mjs) and utilizes a bundled shell script (convert-highfps.sh) to orchestrate the video production pipeline.
- [PROMPT_INJECTION]: Identifies an indirect prompt injection surface where the agent reads local game source files (e.g., GameScene.js) to identify method names for automation. Ingestion points: local file reading. Boundary markers: absent. Capability inventory: file system access, browser JS injection (page.evaluate), and subprocess execution. Sanitization: uses basic numeric parsing for duration and scaling factors.
Audit Metadata