pp-twelvelabs

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the twelvelabs-pp-cli from the official @mvanhorn/printing-press-library NPM package and the corresponding GitHub repository. Both sources are associated with the skill's vendor infrastructure.
  • [COMMAND_EXECUTION]: Executable commands are routed through the twelvelabs-pp-cli binary to perform video uploads, indexing, and processing via the TwelveLabs API.
  • [DATA_EXFILTRATION]: The CLI includes a --deliver webhook:<url> flag that allows the redirection of command outputs to an arbitrary external URL, which could be used for data egress.
  • [PROMPT_INJECTION]: The skill handles untrusted external data such as video files and JSON editing plans without explicit sanitization or boundary markers, creating an indirect prompt injection surface. (Ingestion: --file and --plan flags; Capabilities: API network access and file writing; Sanitization: None documented).

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 12, 2026, 09:36 PM