aicut-editing

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the agent to run local Python scripts located in the scripts/ directory to perform core functions like importing media and managing projects. This includes aicut_tool.py, aicut_sdk.py, and project_manager.py.
  • [DATA_EXFILTRATION]: The system exposes a media serving API at /api/media/serve?path= that accepts absolute file paths. While intended for serving assets, this provides a mechanism to access any file readable by the underlying service process across the entire file system.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes external data to determine its actions. 1. Ingestion points: The agent reads state and configuration from ai_workspace/project-snapshot.json and projects/projectIdMap.json (SKILL.md). 2. Boundary markers: There are no instructions for the agent to use delimiters or to ignore embedded commands within these data files. 3. Capability inventory: The agent can execute local scripts, delete project directories, and send POST requests to the /api/ai-edit endpoint (SKILL.md). 4. Sanitization: The instructions do not define any validation or sanitization steps for the data ingested from the project files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 06:43 AM
Security Audit — agent-trust-hub — aicut-editing