video-script
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from external URLs and local repositories during its research phase, establishing an indirect prompt injection surface. This is an inherent risk for research-based agents but is mitigated as the skill's output is restricted to text generation for human review.\n
- Ingestion points: External articles and code repositories processed via WebFetch and Read/Grep/Glob (SKILL.md).\n
- Boundary markers: Not present.\n
- Capability inventory: Local file writing and directory creation (SKILL.md).\n
- Sanitization: None specified.\n- [DATA_EXFILTRATION]: The skill prompts users for promotional links and social media handles, which it stores in a local memory file (~/.claude/projects/.../memory/video-promo.md). This allows the information to persist across sessions for automated insertion into video metadata. This functionality is transparent and limited to user-provided public information.\n- [COMMAND_EXECUTION]: The skill performs standard file system operations to create date-based project directories and save markdown files. These actions are confined to the user's workspace and are necessary for organizing video production assets.
Audit Metadata