hailuo-video
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-provided prompts and external image links, creating an indirect prompt injection surface. This allows for the possibility of malicious instructions being introduced via the prompt field or the content at the destination of the image URL.\n
- Ingestion points: Data enters the workflow through the prompt and first_image_url parameters in the request payload.\n
- Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands in the processed data.\n
- Capability inventory: The skill demonstrates network communication capabilities via curl to the vendor's API endpoint.\n
- Sanitization: No explicit sanitization or validation of input URLs or prompt content is described.\n- [SAFE]: The skill uses curl to interact with its official vendor domain api.acedata.cloud. This network activity is consistent with the skill's primary purpose and targets legitimate infrastructure. Furthermore, the skill promotes secure credential management by instructing users to store API tokens in environment variables.
Audit Metadata