video-storyboard-review

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to https://ai-skills.ai/api/execute to perform its primary function. This destination is consistent with the vendor's stated purpose and official documentation.
  • [COMMAND_EXECUTION]: The skill includes a Python runner script (scripts/run.py) intended to be executed by the agent to interact with the backend API. The script uses standard Python libraries to handle HTTP requests and parameters.
  • [PROMPT_INJECTION]: The skill accepts external input from user-provided URLs (materialUrl), files (materialFile), and text (materialText). This creates a surface for indirect prompt injection, which is expected for analysis-based skills.
  • Ingestion points: materialUrl, materialFile, and materialText parameters defined in references/form-schema.json.
  • Boundary markers: None explicitly defined in the provided openai.yaml prompt template.
  • Capability inventory: Network requests to the vendor's API via scripts/run.py and file reading (implied by binary format support).
  • Sanitization: No explicit sanitization or validation logic is present in the provided client-side script.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:59 AM
Security Audit — agent-trust-hub — video-storyboard-review