recording
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes code templates that use
child_process.execSyncto invoke FFmpeg for video conversion. This is a common practice for media processing but presents a command injection risk if the file paths or arguments are derived from untrusted user input. - [EXTERNAL_DOWNLOADS]: The documentation references downloading Chromium binaries via
npx playwright install. This is the standard setup for the Playwright automation library provided by a well-known vendor. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its core function of navigating to and interacting with external web content.
- Ingestion points: The skill visits external URLs using
page.goto()(SKILL.md). - Boundary markers: Absent; the instructions do not include markers or directives for the agent to distinguish between skill instructions and commands potentially embedded in web pages.
- Capability inventory: The skill has the ability to write to the local filesystem (
fs.writeFile) and execute shell commands (execSync) (SKILL.md). - Sanitization: Absent; there is no mention of sanitizing or validating the content retrieved from the web before processing it.
Audit Metadata