quietshrink
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a local command-line tool
cli-anything-quietshrinkto perform video compression and file analysis on the user's system. - [EXTERNAL_DOWNLOADS]: The skill references an external GitHub repository (
achiya-automation/quietshrink) for source code and documentation. It also provides instructions to install system dependencies via Homebrew (brew install ffmpeg). - [INDIRECT_PROMPT_INJECTION]: The skill extracts metadata from external video files using the
probecommand and returns the data as JSON to the agent. This represents a potential surface for indirect prompt injection if an attacker were to craft malicious metadata within a video file. - Ingestion points: Output from
cli-anything-quietshrink probeinSKILL.md. - Boundary markers: No explicit boundary markers or instructions to ignore embedded content are provided for the tool's output.
- Capability inventory: Local file system access for video compression and metadata extraction via
cli-anything-quietshrink. - Sanitization: No sanitization logic is present in the skill instructions; the agent relies on the output produced by the local CLI tool.
Audit Metadata