Skills
skills/pamelafox/presentation-skills/capture-video-frames/Gen Agent Trust Hub

capture-video-frames

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes external CLI tools (yt-dlp, ffmpeg, and ffprobe) to process video data.
  • Evidence: The script capture_video_frames.py uses list-based arguments in subprocess.run(), avoiding shell injection vulnerabilities.
  • Evidence: User-supplied youtube_url arguments are validated against a specific regular expression in the extract_video_id function before being used in commands.
  • [PROMPT_INJECTION]: The skill uses a subagent to generate descriptions which are then reused in subsequent prompts, creating an indirect prompt injection surface.
  • Ingestion points: The agent reads frames_manifest.md, which contains previously generated descriptions, to provide context for the next frame's analysis.
  • Boundary markers: The prompt template in SKILL.md wraps the potentially untrusted previous description in double quotes: "[PREVIOUS_DESCRIPTION]".
  • Capability inventory: The skill can execute file writes and run local CLI tools via the provided Python script.
  • Sanitization: No specific escaping or content filtering is applied to the frame descriptions before they are interpolated into new prompts.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 04:20 PM