Skills
skills/aradotso/devtools-skills/clipify-video-clip-generator/Gen Agent Trust Hub

clipify-video-clip-generator

Fail

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to clone a repository from an unverified GitHub account (github.com/louisedesadeleer/clipify.git).
  • [REMOTE_CODE_EXECUTION]: The installation process involves downloading external scripts from an unverified source and subsequently executing them as part of the skill's primary workflow. This pattern is a significant risk for remote code execution if the source repository were to be compromised or malicious.
  • [COMMAND_EXECUTION]: The skill heavily utilizes shell commands and Python's subprocess.run to interact with the filesystem and external tools like FFmpeg.
  • [PROMPT_INJECTION]: Indirect prompt injection surface exists where untrusted data (video content transcribed via Whisper) is processed by the skill to generate subtitles and titles.
  • Ingestion points: Whisper transcription JSON files (source.json).
  • Boundary markers: None identified in the provided script examples.
  • Capability inventory: File system writes and shell command execution via subprocess.run (found in batch processing and integration sections).
  • Sanitization: No explicit sanitization of transcribed text is shown before it is passed to FFmpeg filters or other scripts.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 17, 2026, 04:27 PM