vss-ask-video
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands including
curl,jq, andpython3to perform service health checks, query the VSS agent, and process the resulting data. These commands are used appropriately within the context of interacting with a development or production video analytics stack. - [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection by interpolating user-provided queries into the
input_messagesent to the VSS agent's/generateendpoint. - Ingestion points: User input is embedded directly into the prompt template in
SKILL.md. - Boundary markers: No explicit delimiters are used to wrap the user-supplied text.
- Capability inventory: The skill has access to shell commands (
curl,python3) for tool operations. - Sanitization: The skill processes the agent's output using a Python one-liner to strip internal metadata tags, though it does not sanitize the initial user-provided input before submission to the agent.
- [DATA_EXFILTRATION]: The skill provides instructions for uploading local files to a VST storage service via
curl -X PUT. This network operation is part of the intended workflow for managing video data and utilizes configuration provided via environment variables such as${HOST_IP}.
Audit Metadata