create-chatgpt-video-ad
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes
ffmpegthroughchild_process.execSyncin the recording scripts and viasubprocess.runwithin a Python block in thestitch.shscript. These operations are essential for its primary purpose of rendering video and layering audio cues. The command arguments are constructed using controlled local paths and validated inputs from configuration files. - [EXTERNAL_DOWNLOADS]: The skill utilizes the
playwrightNode.js library and theffmpegsystem utility. Both are well-known, industry-standard tools for browser automation and media processing. The skill does not perform any unverified remote code downloads. - [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied content (a "brief") to generate a conversation thread. This content is then rendered into the mockup. While this presents a surface for indirect prompt injection, it is the core functionality of the skill. The conversion of user input into structured JSON (
thread.json) by the agent serves as a validation step before rendering.
Audit Metadata