Skills
skills/zrt-ai-lab/opencode-skills/videocut-subtitle/Gen Agent Trust Hub

videocut-subtitle

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [Command Execution] (SAFE): The skill utilizes standard command-line tools (Whisper and FFmpeg) to perform video processing tasks. These operations are directly related to the skill's primary purpose.
  • [Indirect Prompt Injection] (LOW): The skill possesses an attack surface for indirect prompt injection because it ingests and processes untrusted data from video transcripts.
  • Ingestion points: Transcription results from video.mp4 and user-modified text drafts.
  • Boundary markers: None explicitly defined to separate the transcript data from the agent's instructions.
  • Capability inventory: Subprocess execution of whisper and ffmpeg (via SKILL.md).
  • Sanitization: No explicit sanitization is performed on the transcript text, though the workflow includes a 'User Review' step which serves as a manual checkpoint.
  • [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network communications were found.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:06 PM