feature-video

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several shell commands to facilitate video recording and PR management.
      • Uses gh pr view and gh pr edit to interact with GitHub Pull Requests.
      • Uses ffmpeg to process screenshots into video and GIF formats.
      • Uses agent-browser to perform UI interactions and capture screenshots.
      • Uses rclone copy to upload media files to cloud storage.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to install an external dependency.
      • Recommends global installation of agent-browser via npm install -g agent-browser if not already present.
  • [DATA_EXFILTRATION]: The skill is designed to upload local data to external storage.
      • Uploads screenshots and video files to a cloud storage remote (e.g., R2 via rclone). While this is the intended functionality, the script contains a hardcoded path (r2:kieran-claude/pr-videos/) which assumes a specific rclone configuration.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes external data.
      • Ingestion points: Fetches Pull Request titles, bodies, and file lists using the GitHub CLI (SKILL.md).
      • Boundary markers: No specific delimiters are used when the agent processes or appends to the PR body.
      • Capability inventory: The skill can execute shell commands, manage files, and modify PR content (SKILL.md).
      • Sanitization: No explicit sanitization of the PR content is performed before it is used in documentation updates.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 01:20 AM