skills/q00/openclip/oc/Gen Agent Trust Hub

oc

Warn

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the openclip CLI tool directly from the vendor's GitHub repository (github.com/Q00/openclip) using uv, pipx, or pip during the setup phase.- [REMOTE_CODE_EXECUTION]: The skill features a 'self-extending toolbox' (oc-toolsmith) which allows agents to author, register, and execute new scripts at runtime. While the skill describes an audit process (oc-tool-auditor) and a 'scrubbed environment' for promoted tools, this functionality enables dynamic code generation and execution.- [COMMAND_EXECUTION]: The orchestrator and workers execute various shell commands including ffmpeg, ffprobe, and the oc CLI tool to perform video processing tasks like transcoding, clipping, and rendering.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes external data.
  • Ingestion points: Video content (via STT transcripts) and user-supplied 'steering directives' recorded via oc steer.
  • Boundary markers: No explicit delimiters or sanitization instructions for steering notes are defined in the provided files.
  • Capability inventory: The skill can execute CLI tools, write to the file system, and run agent-authored scripts via the toolbox.
  • Sanitization: The skill mentions a 'static deny-list scan' and 'scrubbed env' specifically for the promotion of learned tools to shared memory.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 6, 2026, 03:48 AM
Security Audit — agent-trust-hub — oc