context-to-video

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches pre-trained machine learning models and weight files from official GitHub repositories of recognized organizations to enable avatar and face-repair functionality.
  • Evidence: The script scripts/download_models.ps1 downloads model checkpoints from repositories under the OpenTalker, xinntao, and TencentARC GitHub organizations.
  • [COMMAND_EXECUTION]: Executes FFmpeg for media processing and local Python scripts for AI inference tasks.
  • Evidence: scripts/build_video.py and scripts/add_avatar.py use subprocess.run to call ffmpeg and local scripts like inference.py using list-based arguments for parameter passing.
  • [PROMPT_INJECTION]: The skill processes external data (URLs, PR diffs, and documents) to generate video scripts, which presents a surface for indirect prompt injection.
  • Ingestion points: Untrusted content enters the pipeline via the web_fetch tool (for URLs) or by reading local files such as meeting notes and release logs.
  • Boundary markers: No explicit delimiters or "ignore instructions" warnings are implemented in the prompts that synthesize input data into the script.json schema.
  • Capability inventory: The skill can execute shell commands (via FFmpeg), perform network operations (TTS and YouTube APIs), and read/write files within the project workspace.
  • Sanitization: Data is processed through an LLM summarization step which structures the content into a fixed JSON schema before it is consumed by the rendering scripts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 07:34 AM
Security Audit — agent-trust-hub — context-to-video