ai-video-generation

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it ingests and processes untrusted data from external sources.
  • Ingestion points: Untrusted data enters the agent context through the materialText, materialUrl, and materialFile parameters defined in SKILL.md and references/form-schema.json.
  • Boundary markers: The skill lacks explicit boundary markers or instructions to the model to ignore potential instructions embedded within the user-supplied materials.
  • Capability inventory: The skill uses a Python runner script (scripts/run.py) to transmit this data to an external API for analysis and synthesis.
  • Sanitization: No sanitization or validation logic for the content of these inputs is present in the provided scripts.
  • [SAFE]: The skill performs expected network operations to its own vendor infrastructure.
  • The script scripts/run.py makes HTTPS requests to ai-skills.ai, which is the official domain of the skill author.
  • It correctly utilizes environment variables (AISKILLS_API_KEY) for authentication rather than hardcoding credentials.
  • The use of a custom User-Agent to ensure compatibility with the vendor's API gateway is a standard operational practice.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — ai-video-generation