video-cut

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes ffmpeg and ffprobe as part of its primary functionality to analyze and cut video files.
      • Evidence: Found in scripts/lib.py (run_cmd) and scripts/cut.py (_detect_shot_changes, build_edited_source_video).
      • Context: All subprocess calls use list-based arguments without shell=True. Input parameters like timestamps are explicitly converted to floats before being interpolated into command strings, which prevents shell command injection.
  • [PROMPT_INJECTION]: The skill processes external data files that are a potential surface for indirect prompt injection.
      • Ingestion points: clip_plan.json, narration.json, and silence_periods.json are loaded and parsed in scripts/cut.py.
      • Boundary markers: Absent; there are no explicit delimiters or instructions for the agent to ignore embedded content within these files.
      • Capability inventory: The skill has the ability to write files to the workspace and execute system commands (ffmpeg).
      • Sanitization: The skill performs type-casting to float and int for all timing and ID data, effectively sanitizing the inputs used in system calls. The reason text field is only used for logging and is not passed to executable contexts.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 30, 2026, 01:56 AM