broll-avatar-camera
Pass
Audited by Gen Agent Trust Hub on Jul 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The scripts
scripts/build_frame.pyandscripts/make_broll_camera.pyinterpolate user-provided action descriptions directly into structured prompt templates for image and video generation models. This creates an indirect prompt injection surface where untrusted input could attempt to influence the behavior of the downstream generative models. - Ingestion points:
--actionargument inbuild_frame.py,--video-promptargument inmake_broll_camera.py. - Boundary markers: None.
- Capability inventory: Subprocess calls (
ffmpeg,ffprobe,python3), file system writes. - Sanitization: None.
- [DATA_EXFILTRATION]: The
get_replicate_tokenfunction inscripts/_common.pyscans for and reads configuration files from other skill directories (e.g.,~/.cursor/skills/avatar-talking-video/config.json) to find and usereplicate_api_tokenvalues. While intended for internal credential sharing within the author's ecosystem, this pattern involves systematic access to sensitive configuration files. - [COMMAND_EXECUTION]: The skill invokes system utilities
ffmpegandffprobeusingsubprocess.runto strip audio from clips and verify duration. It also executes a Python script from a sibling skill (gpt-image-2) to handle image generation tasks. - [EXTERNAL_DOWNLOADS]: The
save_outputfunction inscripts/_common.pyusesurllib.request.urlretrieveto download generated video content from Replicate's platform. - [REMOTE_CODE_EXECUTION]: The script
scripts/_common.pyuses__import__("replicate")to dynamically load the Replicate Python library if it is present on the system.
Audit Metadata