video-scene-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
ffmpeg,ffprobe, and a bundled local bash script (scripts/videx) to extract frames and metadata from video files. These operations are essential to the skill's primary function and are clearly documented. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and interprets visual content from untrusted video files. If a video contains frames with malicious instructions, the agent might attempt to follow them.
- Ingestion points: Extracted video frames located in
./videx-out/are read and interpreted by the agent's vision tools. - Boundary markers: Absent. There are no delimiters or specific instructions to help the agent distinguish between legitimate video content and potential embedded malicious commands.
- Capability inventory: The skill possesses shell execution capabilities (via ffmpeg/ffprobe and the videx script), file system write access (
analysis.json), and the ability to interpret visual data. - Sanitization: Absent. No filtering or validation is performed on the visual data before it is processed by the agent.
Audit Metadata