ogilvideo
Pass
Audited by Gen Agent Trust Hub on Jun 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to analyze and process untrusted external data such as brand strategies, datasets, and reference materials. This creates a surface for indirect prompt injection where malicious instructions embedded in these materials could attempt to influence the agent's behavior.
- Ingestion points: Untrusted data enters the agent context through the analysis of uploaded videos, brand datasets, and project inputs as defined in
SKILL.md. - Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded commands within processed data.
- Capability inventory: The agent can perform file-system operations (writing project files) via the
scripts/ogilvideo-brief.mjshelper script. - Sanitization: There is no documented validation or sanitization process for the input data before it is interpolated into the agent's planning and generation logic.
- [COMMAND_EXECUTION]: The skill includes automation scripts for production management.
scripts/ogilvideo-brief.mjscreates a suite of markdown files for project scaffolding based on user-provided parameters. - [COMMAND_EXECUTION]:
scripts/install-ogilvideo-hooks.shenables persistence within a development workflow by installing a Gitpre-pushhook. This hook automatically executes a local validation script (scripts/check-ogilvideo.mjs) to ensure project requirements are met before code is pushed.
Audit Metadata