video-performance-analyzer

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it processes untrusted data from external videos, including transcripts and on-screen text, and incorporates it into an analysis prompt.
      • Ingestion points: The script scripts/analyze_video.py uploads local video files and processes YouTube URLs to feed content into the model.
      • Boundary markers: Absent; the ANALYSIS_PROMPT does not use delimiters or include instructions to ignore commands that may be embedded in the video's transcript or visual overlays.
      • Capability inventory: The skill interacts with the Google Gemini API and the instructions suggest capabilities for pushing content to Notion databases.
      • Sanitization: Absent; transcriptions and overlay text are passed directly to the model without filtering or escaping.
  • [DATA_EXFILTRATION]: The script scripts/analyze_video.py includes logic to search up to six levels of parent directories for a .env file to retrieve the GEMINI_API_KEY. While intended for configuration, automated scanning for sensitive files in the directory tree is a sensitive behavior.
  • [EXTERNAL_DOWNLOADS]: The skill uses the google-genai library, which is an official package provided by Google for generative AI operations.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 20, 2026, 09:53 PM