avatar-frames

Pass

Audited by Gen Agent Trust Hub on Jul 10, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts/setup.sh script downloads official MediaPipe face detection model weights (.tflite files) from storage.googleapis.com. This is a well-known service used for hosting official models and is considered a safe source.
  • [COMMAND_EXECUTION]: The skill instructs the user to execute a bash setup script and provides python3 command-line examples for frame extraction. These commands are standard for this type of developer-oriented tool.
  • [PROMPT_INJECTION]: The skill processes untrusted video data and extracts text using OCR (EasyOCR). This text is then stored in the manifest.json output file, which represents a surface for indirect prompt injection if downstream tools process this text without sanitization.
  • Ingestion points: The scripts/extract_clean_frames.py script reads and OCRs content from video frames provided by the user.
  • Boundary markers: The output JSON does not utilize specific boundary markers or warnings to encapsulate or flag the extracted text.
  • Capability inventory: The skill scripts have permissions to write to the file system (saving images and manifest files) and were initially installed via a setup script that executes shell commands.
  • Sanitization: No sanitization or filtering is performed on the text strings extracted from video frames before they are written to the manifest file.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 10, 2026, 01:40 AM