Skills
skills/yfge/video-skills-suite/video-to-text/Gen Agent Trust Hub

video-to-text

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation instructs the installation of the whisperx library and downloads pre-trained models from Hugging Face for speaker diarization. Hugging Face is a well-known and trusted service for hosting AI models.
  • [COMMAND_EXECUTION]: The script scripts/transcribe.py executes the ffmpeg utility using the subprocess.run method with an argument list. This is a secure implementation that avoids shell injection vulnerabilities.
  • [PROMPT_INJECTION]: The skill processes untrusted audio and video files, creating a surface for indirect prompt injection.
  • Ingestion points: Input video and audio files provided to the transcription script.
  • Boundary markers: No delimiters are used to wrap the transcribed content.
  • Capability inventory: The skill can write files to the system and execute ffmpeg commands.
  • Sanitization: No sanitization or safety checks are performed on the output transcript text.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 09:02 AM