pp-twelvelabs
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the
twelvelabs-pp-clifrom the official@mvanhorn/printing-press-libraryNPM package and the corresponding GitHub repository. Both sources are associated with the skill's vendor infrastructure. - [COMMAND_EXECUTION]: Executable commands are routed through the
twelvelabs-pp-clibinary to perform video uploads, indexing, and processing via the TwelveLabs API. - [DATA_EXFILTRATION]: The CLI includes a
--deliver webhook:<url>flag that allows the redirection of command outputs to an arbitrary external URL, which could be used for data egress. - [PROMPT_INJECTION]: The skill handles untrusted external data such as video files and JSON editing plans without explicit sanitization or boundary markers, creating an indirect prompt injection surface. (Ingestion:
--fileand--planflags; Capabilities: API network access and file writing; Sanitization: None documented).
Audit Metadata