paw-cra-video-clips
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on ffmpeg and ffprobe to perform video analysis, extraction, reframing, and encoding. These operations are fundamental to the skill's stated purpose of video repurposing.
- [EXTERNAL_DOWNLOADS]: The workflow supports downloading source video content from user-provided URLs using curl or ffmpeg, which is a standard feature for video processing agents.
- [COMMAND_EXECUTION]: The included Python script generate-clip-manifest.py uses secure, list-based subprocess.run calls to extract metadata from video files, mitigating shell injection risks.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data (videos and URLs), creating an attack surface for indirect prompt injection through malicious metadata or content.
- Ingestion points: Source video files and URLs (references/01-source-intake.md).
- Boundary markers: Absent.
- Capability inventory: Shell command execution via ffmpeg/ffprobe and script execution (SKILL.md, scripts/generate-clip-manifest.py).
- Sanitization: The generate-clip-manifest.py script employs parameter list-based subprocess calls to prevent command injection during file analysis.
Audit Metadata