skills/q00/openclip/oc-subtitle-agent/Gen Agent Trust Hub

oc-subtitle-agent

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute the oc command-line utility for subtitle re-timing, translation, and burn-in. This is a standard use of the tool for media automation.\n
  • Evidence: Bash commands in SKILL.md like oc --project <PROJECT> subtitle.\n- [PROMPT_INJECTION]: The skill processes external transcript files (transcript.json), which constitutes an indirect prompt injection surface. This is a common characteristic of data-processing skills and no specific exploitation patterns were found.\n
  • Ingestion points: <PROJECT>/transcript.json.\n
  • Boundary markers: The instructions do not define specific delimiters for the transcript data.\n
  • Capability inventory: The agent has access to Bash for shell execution and Read for file system access.\n
  • Sanitization: No explicit data validation or sanitization steps are listed.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 03:48 AM
Security Audit — agent-trust-hub — oc-subtitle-agent