remix-apple-notes-ad-from-sample

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local commands such as ffmpeg and node to render video frames and stitch them into a final MP4. This is consistent with its stated purpose of video ad production and uses standard binaries found on a developer machine.
  • [EXTERNAL_DOWNLOADS]: The skill checks for and may instruct the user to install well-known software like ffmpeg (via brew) and Chromium (via npx playwright install chromium). These are established, well-known tools required for the automation and rendering tasks performed.
  • [DATA_EXFILTRATION]: The skill uploads final video assets and thumbnails to the Gooseworks platform using presigned URLs obtained via the get_upload_url tool. This behavior is the intended method for publishing the completed ad project to the project's durable storage.
  • [PROMPT_INJECTION]: The skill processes untrusted data from ad templates and brand research to generate note content. The workflow includes a mandatory user approval step in Phase 1.5 where the script is presented for review before any rendering occurs, mitigating risks associated with malicious template content.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — remix-apple-notes-ad-from-sample