demo-video

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill generates a shell script (build.sh) to automate a video production pipeline. This script is intended to run command-line tools such as ffmpeg for video compositing, playwright for capturing screenshots of generated HTML scenes, and edge-tts for generating narration audio.\n- [SAFE]: The skill ingests user-provided screenshots and scene descriptions to generate its output. While this presents an indirect prompt injection surface where external input could theoretically influence the generated shell commands or HTML content, the workflow is consistent with the skill's creative purpose and uses standard tool orchestration.\n
  • Ingestion points: User-provided screenshots and scene descriptions (SKILL.md).\n
  • Boundary markers: None explicitly defined in the prompt instructions to isolate user input from the generation logic.\n
  • Capability inventory: Generation of executable shell scripts and utilization of external MCP tools (playwright, ffmpeg, edge-tts) (SKILL.md).\n
  • Sanitization: Not explicitly defined; the agent is instructed to transform user ideas into structured HTML and text artifacts.\n- [SAFE]: All external links and repository references point to official project pages or the author's personal infrastructure, and no obfuscation or suspicious behavior was detected.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 02:06 AM
Security Audit — agent-trust-hub — demo-video