Premiere
Pass
Audited by Gen Agent Trust Hub on May 30, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to recommend the installation of the 'flue' package via pip (pip install flue && flue setup) if it is not already present. The package and its source code are hosted on PyPI and GitHub under the author's own namespace (sfkislev), which constitutes a vendor resource.
- [COMMAND_EXECUTION]: The core functionality relies on executing local Python bridge scripts (e.g., premiere_bridge.py, photoshop_bridge.py) and passing application-specific scripts (ExtendScript, Python, etc.) through stdin. This mechanism allows the agent to control desktop software like Adobe Premiere, Photoshop, and Blender.
- [DATA_EXFILTRATION]: While the bridge scripts return structured JSON metadata about the application state (project structure, clip names, etc.) to the shell, there is no evidence of this data being transmitted to unauthorized external domains. The network access mentioned (GitHub, PyPI) is limited to installation and documentation.
- [PROMPT_INJECTION]: The skill includes an indirect prompt injection surface as it processes data from within desktop applications (project names, layer names, etc.) to generate automation scripts. If an attacker controlled the project file metadata, they could attempt to influence the script generation logic.
  - Ingestion points: Data is ingested through bridge commands that read the current state of the target desktop application (SKILL.md, FLUE.md).
  - Boundary markers: None explicitly defined for script generation.
  - Capability inventory: Subprocess execution of Python bridges and desktop application scripting runtimes.
  - Sanitization: None specified for input data derived from the application state.