Production Operations
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of local script execution and system binaries to perform its tasks.
  - It executes various Python and Shell scripts within the `scripts/` directory (e.g., `package_youtube.py`, `generate_voice.py`, `create_new_session.sh`) to automate the workflow.
  - It uses `ffmpeg` and `ffprobe` for heavy audio/video processing, including complex filtering and metadata extraction.
- [CREDENTIALS_UNSAFE]: The `voice-synthesis` module requires and verifies the presence of `GOOGLE_APPLICATION_CREDENTIALS`. While it does not hardcode secrets, it directs the agent to interact with sensitive environment variables used for cloud authentication.
- [EXTERNAL_DOWNLOADS]: The `youtube-packaging` skill contains logic for uploading content to the external domain `salars.net`. This is identified as a vendor-owned resource belonging to the author 'randysalars'.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection through its data ingestion workflows.
  - Ingestion points: `session-creation/SKILL.md` and `ssml-generation/SKILL.md` ingest natural language 'topic descriptions' and 'journey concepts'.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are documented for the processing of these inputs.
  - Capability inventory: The agent has permissions to execute subprocesses (`ffmpeg`, `python3`) and write files to the local system.
  - Sanitization: There is no evidence of sanitization or validation of the input strings before they are interpolated into the generated SSML scripts or manifests.
Audit Metadata