creative-review
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands such as `ffmpeg` for frame extraction and `yt-dlp` for downloading external media assets.
- [EXTERNAL_DOWNLOADS]: Installs the `@anthropic-ai/agent-browser` utility globally via npm. It also fetches media from external URLs, including the author's domain `broomva.tech`.
- [PROMPT_INJECTION]: Susceptible to indirect prompt injection. The skill relies on analyzing external visual data (frames from videos or images) using an LLM. Malicious instructions embedded within the visual content of the assets being reviewed could attempt to subvert the agent's evaluation logic.
  - Ingestion points: Reference and generated media files/URLs processed in Phase 1 and Phase 2.
  - Boundary markers: Absent; there are no instructions to the agent to disregard or isolate instructions found within the visual data.
  - Capability inventory: File system access, network downloads via `yt-dlp`, and browser control via `agent-browser`.
  - Sanitization: No content filtering or verification is performed on the extracted frames before visual analysis.
Audit Metadata