product-reel-generator

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use FFmpeg for video composition, Ken Burns effects, and stitching scenes. It also executes a local Python helper script (scripts/higgsfield_video.py) to manage API requests. These are legitimate uses of the agent's capabilities for video production.
  • [EXTERNAL_DOWNLOADS]: The skill fetches product images from user-provided URLs and downloads royalty-free background music from well-known sources like Incompetech. These operations are core to the skill's functionality.
  • [DATA_EXFILTRATION]: The skill transmits image URLs to the Higgsfield AI API (platform.higgsfield.ai) to generate animated video clips. This is a functional requirement. The skill correctly manages API credentials by advising their storage in a .env file rather than hardcoding them.
  • [PROMPT_INJECTION]: The skill processes external e-commerce content to extract image URLs, creating an indirect prompt injection surface.
  • Ingestion points: Product page URL (processed in SKILL.md Step 1).
  • Boundary markers: Absent.
  • Capability inventory: Shell execution (FFmpeg, curl), file system access (Write, Edit), and network operations (urllib in scripts/higgsfield_video.py).
  • Sanitization: Absent; the skill relies on image property heuristics (dimensions and file size) to filter content.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — product-reel-generator