cinematic-scrub-landing
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
ffmpegto re-encode user-provided video files, ensuring they are optimized for high-performance timeline scrubbing in web browsers. - [COMMAND_EXECUTION]: The instructions involve standard project scaffolding commands including
npm create vite,npm install, andnpx tailwindcss initto generate and configure a local development environment. - [EXTERNAL_DOWNLOADS]: The skill downloads project dependencies from the official NPM registry and fetches typography assets from Google Fonts' public CDN.
- [PROMPT_INJECTION]: The skill identifies ingestion points for user-provided strings such as
BRAND_CONTEXTandPRODUCT_NAME. These inputs are interpolated into generated source code, creating a surface for indirect prompt injection that is mitigated by the skill's structured architectural constraints.
Audit Metadata