videocut-clip-oral

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill provides Python code snippets that use subprocess.run to execute the ffmpeg binary for audio extraction and segmentation. While a standard practice for video processing, this allows for arbitrary command execution if input filenames or paths are not strictly controlled.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill's setup instructions require installing funasr and modelscope via pip. These libraries and their associated models are downloaded from external sources that are not included in the provided list of trusted GitHub repositories or organizations.
  • [PROMPT_INJECTION] (LOW): The skill creates a surface for Indirect Prompt Injection (Category 8) because it transcribes untrusted audio from video files and then processes that text to identify errors. Malicious commands embedded in the speech could potentially bypass safety filters or influence the agent's behavior.
      • Ingestion points: User-provided video files (*.mp4) are converted to text.
      • Boundary markers: The skill uses markdown headers and specific task list formats, but does not provide explicit instructions to the LLM to ignore potentially malicious commands within the transcript.
      • Capability inventory: Includes file system writing (/tmp/), execution of system processes via subprocess, and network operations for downloading ML models.
      • Sanitization: No evidence of sanitization or filtering for the transcribed speech data is present in the methodology.
  • [PROMPT_INJECTION] (LOW): Self-referential instructions labeled 'Architecture Guardian' are present in README.md and SKILL.md. These commands direct the agent to maintain and update the skill's file structure, which could be misused if the agent is tricked into modifying its own instructions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:30 PM