framevideo-media

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the npx framevideo CLI to perform media processing tasks such as generating speech, transcribing audio, and removing backgrounds from video or images.\n- [EXTERNAL_DOWNLOADS]: The skill requires the installation of Python packages kokoro-onnx and soundfile from standard registries. It also downloads pre-trained AI models for text-to-speech, transcription, and background removal, which are cached in the ~/.cache/framevideo/ directory.\n- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by processing external media files for transcription.\n
  • Ingestion points: The npx framevideo transcribe command in SKILL.md accepts arbitrary audio and video files for processing.\n
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands within the media content are present in the transcription instructions.\n
  • Capability inventory: The skill environment supports command execution via npx and package management tools including pip, brew, and apt-get.\n
  • Sanitization: Transcription results are not explicitly sanitized or escaped within the skill's instructions before being processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 08:18 AM
Security Audit — agent-trust-hub — framevideo-media