Skills
skills/screenkite/awesome-ai-video-editing/use-screenkite-advanced-b-roll/Gen Agent Trust Hub

use-screenkite-advanced-b-roll

Fail

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run in apply_broll_dsl.py to interact with the local ScreenKite application binary for layout updates.
  • [COMMAND_EXECUTION]: Audio processing is performed via ffmpeg using subprocess.run in transcribe_mic.py.
  • [EXTERNAL_DOWNLOADS]: The skill installs the uv tool manager from its official domain and uses npx to download hyperframes from the NPM registry.
  • [REMOTE_CODE_EXECUTION]: Installation instructions include piping a script from https://astral.sh/uv/install.sh to the shell.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its processing of transcription data into visual planning briefs.
  • Ingestion points: Data enters the context from ElevenLabs Scribe transcripts stored in takes_packed.md.
  • Boundary markers: None are present in the subagent-brief-template.md to distinguish user instructions from processed transcript content.
  • Capability inventory: The pipeline includes file system writes, local application command execution, and remote code execution via npx.
  • Sanitization: The skill does not perform validation or sanitization on transcription strings before including them in sub-agent prompts.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 22, 2026, 02:05 PM