cinematic-scrub-landing

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes ffmpeg to re-encode user-provided video files, ensuring they are optimized for high-performance timeline scrubbing in web browsers.
  • [COMMAND_EXECUTION]: The instructions involve standard project scaffolding commands including npm create vite, npm install, and npx tailwindcss init to generate and configure a local development environment.
  • [EXTERNAL_DOWNLOADS]: The skill downloads project dependencies from the official NPM registry and fetches typography assets from Google Fonts' public CDN.
  • [PROMPT_INJECTION]: The skill identifies ingestion points for user-provided strings such as BRAND_CONTEXT and PRODUCT_NAME. These inputs are interpolated into generated source code, creating a surface for indirect prompt injection that is mitigated by the skill's structured architectural constraints.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:42 AM
Security Audit — agent-trust-hub — cinematic-scrub-landing