wjs-overlaying-video

Warn

Audited by Gen Agent Trust Hub on May 30, 2026

Risk Level: MEDIUM [COMMAND_EXECUTION] [REMOTE_CODE_EXECUTION]
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/scaffold.py and references/build_hf_clips.py scripts utilize subprocess.run() to invoke npx hyperframes init, which initializes the project environment and installs necessary dependencies.
  • [REMOTE_CODE_EXECUTION]: The skill's HTML templates incorporate a script tag to load the GSAP animation library from the well-known JSDelivr CDN (https://cdn.jsdelivr.net/npm/gsap@3.14.2/dist/gsap.min.js).
  • [DYNAMIC_EXECUTION]: The skill dynamically generates executable HTML and JavaScript by interpolating data from JSON specifications, SRT subtitle files, and user-defined fragment files into predefined templates. Specifically, scripts/scaffold.py inlines raw code fragments into the final composition file.
  • [DATA_EXPOSURE]: Documentation within SKILL.md identifies ~/.codex/auth.json as a sensitive file containing credentials required by the make_cover.py script for authentication.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data (JSON, SRT) that is interpolated into the generated output, creating a potential surface for injection.
      • Ingestion points: Configuration data is read from segments.json, spec.json, and SRT subtitle files.
      • Boundary markers: The templates lack explicit delimiters or warnings to prevent the agent from following instructions embedded in the processed data.
      • Capability inventory: The skill possesses capabilities for file system operations and command execution via shell subprocesses.
      • Sanitization: While some basic HTML escaping is applied in scripts/scaffold.py, it is not consistently implemented across all scripts and data fields.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 30, 2026, 12:48 AM