watch
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using
ffmpegandffprobeto analyze and process a user-provided local video file. Using a file path provided in user input as a command argument presents a potential command injection vector if the input is not strictly validated or sanitized by the underlying execution environment. - Evidence: SKILL.md workflow steps 1 and 5.
- [DATA_EXFILTRATION]: When the transcription feature is enabled, the skill extracts audio from the local video and sends it to external providers (Groq or OpenAI) for processing. This data transfer is consistent with the skill's stated purpose and targets well-known services.
- Evidence: SKILL.md workflow step 6 and references/parameters.md.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the
focusparameter, which allows free-text instructions to influence the agent's observation report. - Ingestion points: The
focusinput parameter (SKILL.md) and the contents of the processed video file (audio and visuals). - Boundary markers: None identified in the workflow for separating caller-supplied instructions in the
focusfield or the transcribed text from the agent's core instructions. - Capability inventory: The skill can read local files, execute system commands (
ffmpeg,ffprobe), write multiple output files (observation.md,manifest.json), and perform network requests to transcription APIs. - Sanitization: No specific sanitization, escaping, or validation of the
focusinput or the transcribed audio content is described before these data points are used to compose the observation report.
Audit Metadata