create-imessage-video-ad

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes ffmpeg and ffprobe through shell scripts and Node.js subprocesses to assemble video clips, mix audio, and verify media properties. It also executes dynamic Python code and injects JavaScript drivers to manage complex recording timelines.
  • [EXTERNAL_DOWNLOADS]: The scripts/fal_helpers.py utility facilitates interaction with the FAL.ai API, enabling the upload of local assets and the retrieval of generated photographic content.
  • [PROMPT_INJECTION]: The skill processes external data from the ad brief and chat bubbles which are used to generate HTML content and control recording scripts.
  • Ingestion points: threads/full-thread.json and ad brief input.
  • Boundary markers: None explicitly present.
  • Capability inventory: Execution of ffmpeg, ffprobe, python, and Playwright browser automation.
  • Sanitization: Not implemented in the provided templates for user-supplied bubble text.
  • [SAFE]: The skill follows secure practices for handling API credentials by resolving keys from environment variables or local .env files rather than hardcoding them.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — create-imessage-video-ad