oc-proxy-converter

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute oc and ffprobe commands. This is the intended primary purpose of the skill to perform media conversion and duration verification.
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it processes external files, though the risk is minimal given the binary nature of the media files.
  • Ingestion points: Local files (e.g., .LRF, .LRV) referenced by the <FILE> parameter in SKILL.md.
  • Boundary markers: None present in the instructions to separate untrusted data from the agent prompt.
  • Capability inventory: Shell command execution via Bash (specifically the oc and ffprobe binaries).
  • Sanitization: No explicit sanitization or validation of the input file content is defined; the skill relies on the underlying media processing utilities to handle the data safely.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 03:48 AM
Security Audit — agent-trust-hub — oc-proxy-converter