summarize-video

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE · COMMAND_EXECUTION · PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute local Ruby utility scripts (summary_skeleton.rb and visual_script_extractor.rb) via the shell to process data and generate file structures. While these scripts are bundled with the skill, invoking shell commands with variable path arguments (<visual_transcript_path>) presents a standard risk surface for command injection if the underlying platform does not sanitize the inputs.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests and processes external data (video transcripts) that could contain malicious instructions.
    • Ingestion points: The agent reads transcript data from JSON files specified by absolute paths at runtime in both SKILL.md and agent_prompt.md.
    • Boundary markers: There are no boundary markers, XML tags, or explicit 'ignore instructions' warnings used when the transcript content is presented to the agent.
    • Capability inventory: The agent has significant capabilities, including filesystem writes (via the Edit tool) and the ability to execute shell commands as part of its defined workflow.
    • Sanitization: The Ruby scripts perform basic JSON parsing but do not sanitize or validate the text content (dialogue and visual descriptions) before it is passed to the LLM for summarization.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 11, 2026, 11:47 AM