feature-video
Warn
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill interpolates user-supplied arguments (
$ARGUMENTS) and data retrieved from the GitHub CLI ([number]) directly into shell commands. This creates a risk of command injection if the input contains shell metacharacters or if the PR number is maliciously crafted.- [DATA_EXFILTRATION]: The skill is configured to upload screenshots and video recordings to a remote Cloudflare R2 bucket usingrclone. The upload pathr2:kieran-claude/pr-videos/is hardcoded with a specific user identifier ('kieran-claude') that does not match the vendor context ('udecode'). This could result in sensitive UI walkthroughs being exfiltrated to a destination not controlled by the end user.- [PROMPT_INJECTION]: The skill ingests untrusted data from GitHub PR titles and bodies which are then used to 'Plan the Video Flow' and update the PR description. This establishes an indirect prompt injection surface. - Ingestion points:
gh pr view(retrieving PR title and body) inSKILL.md - Boundary markers: None present
- Capability inventory:
gh pr edit,rclone copy,ffmpeg, andagent-browserexecution - Sanitization: None present- [EXTERNAL_DOWNLOADS]: The skill performs a global installation of the
agent-browserpackage from the NPM registry during setup.
Audit Metadata