video-debugger
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses ffmpeg, ffprobe, and local scripts to process video data and manage frame extraction. These are standard operations for the tool's stated purpose of video debugging.\n- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download models from Hugging Face and software from LM Studio. These are well-known and trusted platforms in the AI development community.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external video files for visual analysis.\n
- Ingestion points: User-provided video files (.mov, .mp4, .gif) defined in Phase 1 (SKILL.md).\n
- Boundary markers: Absent; vision prompt templates in references/diff-tools.md do not include explicit delimiters or instructions to ignore embedded content.\n
- Capability inventory: The skill executes shell commands (ffmpeg, bash) and writes to the project directory (SKILL.md Phase 3 & 4.5).\n
- Sanitization: No evidence of input validation or sanitization for video metadata or visual content before processing.
Audit Metadata