claude-video-promo
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute a series of localized Python scripts and Node.js commands for media search, analysis, and video rendering.
- [EXTERNAL_DOWNLOADS]: The pipeline fetches stock video and audio assets from well-known and reputable services, specifically Pixabay and Pexels.
- [PROMPT_INJECTION]: The skill ingests untrusted user data for headlines and voiceovers, which are passed as arguments to shell commands. Ingestion points: user-provided headline, subtext, and voiceover text (SKILL.md). Boundary markers: Absent. Capability inventory: Bash tool for running scripts and rendering (SKILL.md). Sanitization: Not explicitly detailed in the workflow.
- [SAFE]: Credentials for third-party APIs are managed via environment variables (PIXABAY_API_KEY, PEXELS_API_KEY), following standard secure practices for secret management.
Audit Metadata