hands-3d-pose
Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions direct the user to clone a codebase from an untrusted GitHub repository (ap229997/hands). While the metadata identifies the author as K-Dense Inc., the repository is hosted under an unverified personal account.
- [REMOTE_CODE_EXECUTION]: The setup process includes executing a shell script (`bash scripts/download_models.sh`) and running a Python script (`python demo.py`) from the cloned repository. Since the source repository is not from a trusted vendor, this behavior represents unverifiable remote code execution.
- [COMMAND_EXECUTION]: The skill requires several high-privilege command-line operations for installation and execution, including `git clone`, `pip install -r requirements.txt`, and `bash` script execution. These commands execute code from an external source without prior validation.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external video and image data which serves as a potential attack surface.
  - Ingestion points: Reads video files (`egocentric_video.mp4`) and images (`frame.jpg`) using `cv2.VideoCapture` and `cv2.imread` as described in SKILL.md.
  - Boundary markers: No boundary markers or instructions to ignore embedded content are present.
  - Capability inventory: The skill uses `np.save`, `json.dump`, and `cv2.VideoWriter` to write files to the local system.
  - Sanitization: No sanitization or validation of the input media files is mentioned.
Audit Metadata