clipsketch-ai-video-storyboard
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by interpolating untrusted external data directly into AI prompts.\n
- Ingestion points: The variables
videoContext,selectedCopy, andcustomCharacterare used to build prompts for the Gemini API in thegenerateSocialCopy,generateCoverImage, andgenerateStoryboardfunctions.\n - Boundary markers: No delimiters or boundary markers (such as XML tags or clear separators) are used to isolate external content from the system instructions.\n
- Capability inventory: The skill calls the Gemini API (
gemini-3-pro-previewandgemini-3-pro-image-preview) to generate text and images based on these interpolated prompts.\n - Sanitization: There is no evidence of sanitization or validation of the input strings before they are embedded in the prompt strings.\n- [EXTERNAL_DOWNLOADS]: The skill instructions involve fetching resources from well-known external services.\n
- Evidence: Fetches project source code from a repository on GitHub (
github.com/RanFeng/clipsketch-ai.git) and references a container image on Docker Hub (earisty/clipsketch-ai:latest) for deployment.
Audit Metadata