broll-avatar-camera

Pass

Audited by Gen Agent Trust Hub on Jul 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The scripts scripts/build_frame.py and scripts/make_broll_camera.py interpolate user-provided action descriptions directly into structured prompt templates for image and video generation models. This creates an indirect prompt injection surface where untrusted input could attempt to influence the behavior of the downstream generative models.
  • Ingestion points: --action argument in build_frame.py, --video-prompt argument in make_broll_camera.py.
  • Boundary markers: None.
  • Capability inventory: Subprocess calls (ffmpeg, ffprobe, python3), file system writes.
  • Sanitization: None.
  • [DATA_EXFILTRATION]: The get_replicate_token function in scripts/_common.py scans for and reads configuration files from other skill directories (e.g., ~/.cursor/skills/avatar-talking-video/config.json) to find and use replicate_api_token values. While intended for internal credential sharing within the author's ecosystem, this pattern involves systematic access to sensitive configuration files.
  • [COMMAND_EXECUTION]: The skill invokes system utilities ffmpeg and ffprobe using subprocess.run to strip audio from clips and verify duration. It also executes a Python script from a sibling skill (gpt-image-2) to handle image generation tasks.
  • [EXTERNAL_DOWNLOADS]: The save_output function in scripts/_common.py uses urllib.request.urlretrieve to download generated video content from Replicate's platform.
  • [REMOTE_CODE_EXECUTION]: The script scripts/_common.py uses __import__("replicate") to dynamically load the Replicate Python library if it is present on the system.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 10, 2026, 01:40 AM