user-research

Pass

Audited by Gen Agent Trust Hub on Jul 14, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes subprocess.run() within make_clips.py and make_reel.py to automate video editing tasks using FFmpeg. These calls are implemented using a list-based argument structure rather than a shell string, which is a security best practice that prevents shell injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The dump_segments.py script leverages the mlx_whisper library to perform audio transcription. During initial use, this triggers a download of pre-trained model weights from the official HuggingFace repository (mlx-community/whisper-large-v3-mlx). HuggingFace is a well-known and trusted service for machine learning models, and this download is consistent with the skill's primary function.
  • [DATA_EXFILTRATION]: Although the skill processes sensitive participant data and recordings, its design explicitly prioritizes local and offline execution. The use of local machine learning models for transcription (Whisper MLX) ensures that potentially sensitive audio data is processed on the user's hardware rather than being sent to external cloud services.
  • [PROMPT_INJECTION]: The skill instructions include clear process boundaries and ethical constraints, such as mandatory human observer notes and explicit consent scripts. These measures are designed to guide the agent toward safe and accurate synthesis of research data and do not contain any patterns intended to bypass platform security filters.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 14, 2026, 10:28 AM
Security Audit — agent-trust-hub — user-research