manim-video-teacher

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM. Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [Dynamic Execution] (MEDIUM): The pipeline.py script dynamically constructs and executes shell commands using subprocess.run. It uses sys.executable to call local scripts (tts_generate.py, mux_av.py, etc.), which is a standard pattern but increases the attack surface if input arguments are not strictly validated.
  • [File System Access / Persistence] (MEDIUM): The pipeline.py script includes a --log-file argument that allows the agent to write the command history to an arbitrary file path. An attacker using prompt injection could potentially trick the agent into overwriting sensitive configuration files (e.g., ~/.bashrc or .env files) with command strings.
  • [Unverifiable Dependencies] (MEDIUM): The skill relies on external packages like edge-tts and Pillow, as well as the system-level tool ffmpeg. While these are common libraries, the skill encourages the user to install them without version pinning, which can lead to supply chain risks.
  • [Indirect Prompt Injection] (LOW): The skill possesses a significant attack surface for indirect prompt injection, as it processes untrusted user data to generate video scripts, titles, and narration audio.
      • Ingestion points: pipeline.py (via --tts-text and --tts-file), make_cover.py (via --title and --subtitle), and tts_generate.py (via text inputs).
      • Boundary markers: None identified. Instructions do not specify delimiters for user-provided text.
      • Capability inventory: File system writes (audio/video/logs), network requests (via edge_tts), and subprocess execution (ffmpeg).
      • Sanitization: None. The scripts directly pass user-provided strings into command arguments and file-writing functions.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:08 PM