framevideo-media
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes the
npx framevideoCLI to perform media processing tasks such as generating speech, transcribing audio, and removing backgrounds from video or images.\n- [EXTERNAL_DOWNLOADS]: The skill requires the installation of Python packageskokoro-onnxandsoundfilefrom standard registries. It also downloads pre-trained AI models for text-to-speech, transcription, and background removal, which are cached in the~/.cache/framevideo/directory.\n- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by processing external media files for transcription.\n - Ingestion points: The
npx framevideo transcribecommand inSKILL.mdaccepts arbitrary audio and video files for processing.\n - Boundary markers: No specific delimiters or instructions to ignore embedded commands within the media content are present in the transcription instructions.\n
- Capability inventory: The skill environment supports command execution via
npxand package management tools includingpip,brew, andapt-get.\n - Sanitization: Transcription results are not explicitly sanitized or escaped within the skill's instructions before being processed by the agent.
Audit Metadata