demo-video
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates a shell script (
build.sh) to automate a video production pipeline. This script is intended to run command-line tools such asffmpegfor video compositing,playwrightfor capturing screenshots of generated HTML scenes, andedge-ttsfor generating narration audio.\n- [SAFE]: The skill ingests user-provided screenshots and scene descriptions to generate its output. While this presents an indirect prompt injection surface where external input could theoretically influence the generated shell commands or HTML content, the workflow is consistent with the skill's creative purpose and uses standard tool orchestration.\n - Ingestion points: User-provided screenshots and scene descriptions (SKILL.md).\n
- Boundary markers: None explicitly defined in the prompt instructions to isolate user input from the generation logic.\n
- Capability inventory: Generation of executable shell scripts and utilization of external MCP tools (
playwright,ffmpeg,edge-tts) (SKILL.md).\n - Sanitization: Not explicitly defined; the agent is instructed to transform user ideas into structured HTML and text artifacts.\n- [SAFE]: All external links and repository references point to official project pages or the author's personal infrastructure, and no obfuscation or suspicious behavior was detected.
Audit Metadata