video-batch-runner

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill monitors the project's assets/texts directory using a FileWatcher and automatically parses markdown files into the project's state. This creates an indirect prompt injection surface where instructions embedded in media metadata or script files could influence agent behavior.
      • Ingestion points: Markdown files in assets/texts/ processed by PostPlusWorkspaceRuntime.handleExternalMarkdownEdit in postplus_workspace_runtime.mjs.
      • Boundary markers: Uses HTML comments like <!-- postplus:block [ID] --> to separate content blocks.
      • Capability inventory: The skill has access to the file system, network (PostPlus Cloud), and can execute shell commands via yt-dlp and ffmpeg.
      • Sanitization: Includes basic unescaping and validation of identifiers, but lacks deep sanitization of the natural language content within blocks.
  • [COMMAND_EXECUTION]: The skill invokes external command-line utilities to perform media-related tasks. Specifically, it uses spawn to run python3 -m yt_dlp for downloading videos and execFileSync to run ffmpeg for generating test media. On macOS, it also uses the open command to display files to the user.
  • [EXTERNAL_DOWNLOADS]: The skill downloads media assets (video, audio, and images) from vendor-controlled cloud storage and other remote URLs defined in project manifests.
Audit Metadata
Risk Level: SAFE
Analyzed: May 20, 2026, 02:14 AM