context-to-video
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches pre-trained machine learning models and weight files from official GitHub repositories of recognized organizations to enable avatar and face-repair functionality.
- Evidence: The script
scripts/download_models.ps1downloads model checkpoints from repositories under the OpenTalker, xinntao, and TencentARC GitHub organizations. - [COMMAND_EXECUTION]: Executes FFmpeg for media processing and local Python scripts for AI inference tasks.
- Evidence:
scripts/build_video.pyandscripts/add_avatar.pyusesubprocess.runto callffmpegand local scripts likeinference.pyusing list-based arguments for parameter passing. - [PROMPT_INJECTION]: The skill processes external data (URLs, PR diffs, and documents) to generate video scripts, which presents a surface for indirect prompt injection.
- Ingestion points: Untrusted content enters the pipeline via the
web_fetchtool (for URLs) or by reading local files such as meeting notes and release logs. - Boundary markers: No explicit delimiters or "ignore instructions" warnings are implemented in the prompts that synthesize input data into the
script.jsonschema. - Capability inventory: The skill can execute shell commands (via FFmpeg), perform network operations (TTS and YouTube APIs), and read/write files within the project workspace.
- Sanitization: Data is processed through an LLM summarization step which structures the content into a fixed JSON schema before it is consumed by the rendering scripts.
Audit Metadata