video-cut
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes `ffmpeg` and `ffprobe` as part of its primary functionality to analyze and cut video files.
  - Evidence: Found in `scripts/lib.py` (`run_cmd`) and `scripts/cut.py` (`_detect_shot_changes`, `build_edited_source_video`).
  - Context: All subprocess calls use list-based arguments without `shell=True`. Input parameters like timestamps are explicitly converted to floats before being interpolated into command strings, which prevents shell command injection.
- [PROMPT_INJECTION]: The skill processes external data files that are a potential surface for indirect prompt injection.
  - Ingestion points: `clip_plan.json`, `narration.json`, and `silence_periods.json` are loaded and parsed in `scripts/cut.py`.
  - Boundary markers: Absent; there are no explicit delimiters or instructions for the agent to ignore embedded content within these files.
  - Capability inventory: The skill has the ability to write files to the workspace and execute system commands (`ffmpeg`).
  - Sanitization: The skill performs type-casting to `float` and `int` for all timing and ID data, effectively sanitizing the inputs used in system calls. The `reason` text field is only used for logging and is not passed to executable contexts.
Audit Metadata