skills/hkuds/cli-anything/quietshrink/Gen Agent Trust Hub

quietshrink

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a local command-line tool cli-anything-quietshrink to perform video compression and file analysis on the user's system.
  • [EXTERNAL_DOWNLOADS]: The skill references an external GitHub repository (achiya-automation/quietshrink) for source code and documentation. It also provides instructions to install system dependencies via Homebrew (brew install ffmpeg).
  • [INDIRECT_PROMPT_INJECTION]: The skill extracts metadata from external video files using the probe command and returns the data as JSON to the agent. This represents a potential surface for indirect prompt injection if an attacker were to craft malicious metadata within a video file.
  • Ingestion points: Output from cli-anything-quietshrink probe in SKILL.md.
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded content are provided for the tool's output.
  • Capability inventory: Local file system access for video compression and metadata extraction via cli-anything-quietshrink.
  • Sanitization: No sanitization logic is present in the skill instructions; the agent relies on the output produced by the local CLI tool.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 10:52 PM
Security Audit — agent-trust-hub — quietshrink