video-editing

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes user-supplied video transcripts and interpolates the text into prompts for large language models within rewrite_script.py and imagegen_hint.py. This creates a potential surface for indirect prompt injection where adversarial content within a transcript could attempt to influence the agent's behavior during the script restructuring or image planning stages.
  • Ingestion points: User-controlled transcript text in rewrite_script.py and imagegen_hint.py.
  • Boundary markers: Not observed in the prompt templates.
  • Capability inventory: Execution of system commands (FFmpeg, Chrome) and file system access.
  • Sanitization: None observed on the interpolated text.
  • [EXTERNAL_DOWNLOADS]: The utils.py script automatically downloads font assets (.ttf, .otf) from official GitHub repositories and well-known content delivery networks (jsDelivr). These downloads are used to provide the necessary typography for video subtitles and covers. The sources (Google Fonts, Adobe, etc.) are established and trusted.
  • [COMMAND_EXECUTION]: The skill relies on the subprocess module to perform core functionality. This includes executing ffmpeg and ffprobe for media manipulation, and headless Chrome/Chromium in generate_cover_image.py for high-fidelity text rendering. The execution patterns are consistent with the skill's stated purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 02:00 PM
Security Audit — agent-trust-hub — video-editing