avatar-frames
Pass
Audited by Gen Agent Trust Hub on Jul 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The
scripts/setup.shscript downloads official MediaPipe face detection model weights (.tflite files) fromstorage.googleapis.com. This is a well-known service used for hosting official models and is considered a safe source. - [COMMAND_EXECUTION]: The skill instructs the user to execute a bash setup script and provides python3 command-line examples for frame extraction. These commands are standard for this type of developer-oriented tool.
- [PROMPT_INJECTION]: The skill processes untrusted video data and extracts text using OCR (EasyOCR). This text is then stored in the
manifest.jsonoutput file, which represents a surface for indirect prompt injection if downstream tools process this text without sanitization. - Ingestion points: The
scripts/extract_clean_frames.pyscript reads and OCRs content from video frames provided by the user. - Boundary markers: The output JSON does not utilize specific boundary markers or warnings to encapsulate or flag the extracted text.
- Capability inventory: The skill scripts have permissions to write to the file system (saving images and manifest files) and were initially installed via a setup script that executes shell commands.
- Sanitization: No sanitization or filtering is performed on the text strings extracted from video frames before they are written to the manifest file.
Audit Metadata