semantic-video-clipper
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The script executes the `ffmpeg` binary using `subprocess.run` with an argument list. This is a secure practice that prevents shell injection vulnerabilities, even if filenames or AI-provided indices contain malicious characters.
- [DATA_EXPOSURE] (SAFE): The script only accesses the video and subtitle files specified by the user. It writes the output segments to the same directory as the source video. No network activity or hardcoded credentials were detected.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill's workflow involves the AI reading and analyzing the content of subtitle files (VTT/SRT) to determine semantic split points. This creates a surface for indirect prompt injection where instructions embedded in subtitles could attempt to manipulate the AI's output.
  - Ingestion points: Subtitle files read in `scripts/clip_video.py` and processed by the AI.
  - Boundary markers: None; the AI is instructed to read the "full subtitle content".
  - Capability inventory: Subprocess execution of FFmpeg via `subprocess.run`.
  - Sanitization: None; the script parses the timestamps and text directly as provided in the file.
Audit Metadata