claude-video-export

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE; flagged categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute shell commands, including ffmpeg and ffprobe, and calls local scripts such as scripts/preflight.sh and scripts/detect_gpu.sh. These operations are necessary for the skill's primary purpose of video processing.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection where user-supplied file paths are interpolated into shell execution strings.
    • Ingestion points: The $INPUT and $OUTPUT variables, representing user-provided filenames, are used throughout SKILL.md.
    • Boundary markers: No boundary markers or instructions to ignore embedded commands within filenames are provided.
    • Capability inventory: The skill uses the Bash tool to perform complex video manipulation and script execution.
    • Sanitization: Input variables are double-quoted in shell commands (e.g., "$INPUT"), which mitigates basic word-splitting issues, but there is no explicit validation or sanitization of the string content to prevent more complex command injection or unexpected shell behavior.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 15, 2026, 02:55 PM