Skills
skills/casperliu7/wechat-editor-agent/Video Producer/Gen Agent Trust Hub

Video Producer

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The workflow involves downloading background music from public libraries using curl or wget. This is a routine task for media production and does not involve executing the downloaded content.
  • [COMMAND_EXECUTION]: The skill relies on local scripts to orchestrate the video pipeline:
  • scripts/audio_subtitle_gen.sh uses the edge-tts tool to generate audio and synchronized subtitles.
  • scripts/ffmpeg_assembly.sh uses ffmpeg for video resizing, padding, and burning subtitles into the final output.
  • scripts/record_scroll.py uses the playwright library to automate browser sessions for screen recording.
  • [PROMPT_INJECTION]: The skill ingests user-provided URLs to perform automated screen recording, which represents an indirect prompt injection surface.
  • Ingestion points: User-provided web URLs captured via Playwright in Step 3.
  • Boundary markers: None identified for isolating external web content during the recording process.
  • Capability inventory: The skill has access to subprocess execution (ffmpeg, python), network operations (playwright, curl), and file system tools (Write, Edit).
  • Sanitization: No validation or sanitization is performed on the URL or the resulting page content before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 06:18 AM