byted-mediakit-audio

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs the user to install the @volcengine/mediakit-cli package from the npm registry. This is a legitimate vendor resource provided by Volcano Engine, the author of the skill, and is necessary for the skill's primary functionality.
  • [COMMAND_EXECUTION]: The skill operates by executing shell commands using the mediakit-cli binary to perform audio and video analysis. This behavior is consistent with the skill's stated purpose of providing media kit capabilities.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it processes data from external URLs.
      • Ingestion points: The audio_url and video_url parameters in the separate-voice and probe-audio-metadata tools allow the agent to fetch and process remote media files.
      • Boundary markers: The skill documentation does not specify the use of boundary markers or clear instructions for the agent to ignore any potential instructions embedded within media metadata or headers.
      • Capability inventory: The skill has the capability to execute shell commands via the mediakit-cli tool.
      • Sanitization: There is no mention of explicit sanitization or validation of the content retrieved from external URLs before it is processed by the CLI tool or interpreted by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 23, 2026, 06:26 AM