aigc-director

Warn

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The instructions in SKILL.md direct the agent to perform cat aigc-claw/backend/.env | grep -E "API_KEY|KEY". This action reads sensitive API keys directly into the agent's context and conversation logs, increasing the risk of credential exposure.
  • [DATA_EXFILTRATION]: The Gemini and VLM integration modules (llm_gemini.py and vlm_gemini.py) contain a hardcoded default proxy IP address (35.164.11.19). Routing requests through an unverified third-party intermediary can expose sensitive API keys and user prompts to the proxy operator.
  • [COMMAND_EXECUTION]: The editor_agent.py script uses subprocess.run to execute ffmpeg for concatenating video segments. While concatenation is a functional requirement, invoking an external binary gives the skill a system-level command execution path.
  • [PROMPT_INJECTION]: The skill processes untrusted user-provided story ideas across multiple automated LLM stages. This creates an indirect prompt injection surface where a malicious input could attempt to manipulate the logic or instructions of the subsequent generation agents.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 17, 2026, 10:32 PM
Security Audit — agent-trust-hub — aigc-director