video-storyboard-review
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to
https://ai-skills.ai/api/executeto perform its primary function. This destination is consistent with the vendor's stated purpose and official documentation. - [COMMAND_EXECUTION]: The skill includes a Python runner script (
scripts/run.py) intended to be executed by the agent to interact with the backend API. The script uses standard Python libraries to handle HTTP requests and parameters. - [PROMPT_INJECTION]: The skill accepts external input from user-provided URLs (
materialUrl), files (materialFile), and text (materialText). This creates a surface for indirect prompt injection, which is expected for analysis-based skills. - Ingestion points:
materialUrl,materialFile, andmaterialTextparameters defined inreferences/form-schema.json. - Boundary markers: None explicitly defined in the provided
openai.yamlprompt template. - Capability inventory: Network requests to the vendor's API via
scripts/run.pyand file reading (implied by binary format support). - Sanitization: No explicit sanitization or validation logic is present in the provided client-side script.
Audit Metadata