ai-video-generation
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it ingests and processes untrusted data from external sources.
- Ingestion points: Untrusted data enters the agent context through the
materialText,materialUrl, andmaterialFileparameters defined inSKILL.mdandreferences/form-schema.json. - Boundary markers: The skill lacks explicit boundary markers or instructions to the model to ignore potential instructions embedded within the user-supplied materials.
- Capability inventory: The skill uses a Python runner script (
scripts/run.py) to transmit this data to an external API for analysis and synthesis. - Sanitization: No sanitization or validation logic for the content of these inputs is present in the provided scripts.
- [SAFE]: The skill performs expected network operations to its own vendor infrastructure.
- The script
scripts/run.pymakes HTTPS requests toai-skills.ai, which is the official domain of the skill author. - It correctly utilizes environment variables (
AISKILLS_API_KEY) for authentication rather than hardcoding credentials. - The use of a custom User-Agent to ensure compatibility with the vendor's API gateway is a standard operational practice.
Audit Metadata