oc-proxy-converter
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to executeocandffprobecommands. This is the intended primary purpose of the skill to perform media conversion and duration verification. - [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it processes external files, though the risk is minimal given the binary nature of the media files.
- Ingestion points: Local files (e.g.,
.LRF,.LRV) referenced by the<FILE>parameter inSKILL.md. - Boundary markers: None present in the instructions to separate untrusted data from the agent prompt.
- Capability inventory: Shell command execution via
Bash(specifically theocandffprobebinaries). - Sanitization: No explicit sanitization or validation of the input file content is defined; the skill relies on the underlying media processing utilities to handle the data safely.
Audit Metadata