oc
Warn
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
openclipCLI tool directly from the vendor's GitHub repository (github.com/Q00/openclip) usinguv,pipx, orpipduring the setup phase.- [REMOTE_CODE_EXECUTION]: The skill features a 'self-extending toolbox' (oc-toolsmith) which allows agents to author, register, and execute new scripts at runtime. While the skill describes an audit process (oc-tool-auditor) and a 'scrubbed environment' for promoted tools, this functionality enables dynamic code generation and execution.- [COMMAND_EXECUTION]: The orchestrator and workers execute various shell commands includingffmpeg,ffprobe, and theocCLI tool to perform video processing tasks like transcoding, clipping, and rendering.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes external data. - Ingestion points: Video content (via STT transcripts) and user-supplied 'steering directives' recorded via
oc steer. - Boundary markers: No explicit delimiters or sanitization instructions for steering notes are defined in the provided files.
- Capability inventory: The skill can execute CLI tools, write to the file system, and run agent-authored scripts via the toolbox.
- Sanitization: The skill mentions a 'static deny-list scan' and 'scrubbed env' specifically for the promotion of learned tools to shared memory.
Audit Metadata