paw-cra-video-clips
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes ffmpeg and ffprobe for video analysis and processing. Commands are constructed through agent instructions and Python scripts.
- [COMMAND_EXECUTION]: The script generate-clip-manifest.py uses subprocess.run with a list of arguments to execute ffprobe safely, mitigating command injection risks.
- [EXTERNAL_DOWNLOADS]: The workflow allows downloading source media from user-specified URLs using curl, which is a core feature for video repurposing.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data. 1. Ingestion points: Source video URLs and transcript files (01-source-intake.md, 02-analysis.md). 2. Boundary markers: Absent. 3. Capability inventory: ffmpeg, ffprobe, curl, and python script execution. 4. Sanitization: The Python script uses structured subprocess calls, but instructions for the agent lack explicit delimiters for external content.
Audit Metadata