Skills
skills/posit-dev/positron/positron-demo-video/Gen Agent Trust Hub

positron-demo-video

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill runs shell commands for repository research (git log), test execution (npx playwright test), and video processing (ffmpeg, ffprobe).
  • [REMOTE_CODE_EXECUTION]: The skill creates Playwright test files based on a narrative and executes them to automate the demo recording. This local code generation and execution is central to the skill's functionality.
  • [PROMPT_INJECTION]: The skill's research phase ingests untrusted data from the repository that could potentially influence agent behavior.
  • Ingestion points: git logs, changed files, and existing e2e tests.
  • Boundary markers: No delimiters or instructions are used to isolate untrusted data during ingestion.
  • Capability inventory: The skill can execute shell commands and run generated test code.
  • Sanitization: No sanitization is applied to data read from the repository before use.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 07:26 PM