remix-apple-notes-ad-from-sample
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local commands such as
ffmpegandnodeto render video frames and stitch them into a final MP4. This is consistent with its stated purpose of video ad production and uses standard binaries found on a developer machine. - [EXTERNAL_DOWNLOADS]: The skill checks for and may instruct the user to install well-known software like
ffmpeg(via brew) and Chromium (vianpx playwright install chromium). These are established, well-known tools required for the automation and rendering tasks performed. - [DATA_EXFILTRATION]: The skill uploads final video assets and thumbnails to the Gooseworks platform using presigned URLs obtained via the
get_upload_urltool. This behavior is the intended method for publishing the completed ad project to the project's durable storage. - [PROMPT_INJECTION]: The skill processes untrusted data from ad templates and brand research to generate note content. The workflow includes a mandatory user approval step in Phase 1.5 where the script is presented for review before any rendering occurs, mitigating risks associated with malicious template content.
Audit Metadata