video-to-landing-page

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes external binaries (ffmpeg and ffprobe) to process video files. The script references/extract-frames.py correctly uses the subprocess.run method with arguments passed as a list, which is the recommended secure pattern to prevent shell injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The skill documentation includes instructions for users to install necessary dependencies from official and well-known sources, such as official package managers. The file references/landing-template.html loads assets from Google Fonts.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it generates HTML content using strings provided by the user and metadata extracted from video files. Ingestion points include video metadata processed by ffprobe and user-supplied text for headlines and taglines. No explicit sanitization or boundary markers are implemented in the template generation logic, representing a standard indirect injection surface for this type of tool.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 08:50 AM
Security Audit — agent-trust-hub — video-to-landing-page