comic-drama-master
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The instructions in
SKILL.mdandreferences/storyboard-director.mdadvise the agent on techniques to bypass downstream video generation API safety filters. It explicitly guides the agent to use euphemisms (e.g., replacing 'blood' or 'war' with 'spiritual energy' or 'confrontation') to avoid 'OutputVideoSensitiveContentDetected' rejections. - [COMMAND_EXECUTION]: The skill executes system commands via
subprocessinscripts/video_merge.pyandscripts/video_scorer.pyto perform video merging usingffmpegand metadata analysis usingffprobe. - [COMMAND_EXECUTION]: Orchestration instructions in
SKILL.mdandreferences/video-synthesizer.mddirect the agent to install system-level dependencies using package managers such asapt-get,yum, andbrew, including the use ofsudofor administrative installations on Linux environments. - [EXTERNAL_DOWNLOADS]: The skill downloads and installs standard system utilities (
ffmpeg) and official Python SDKs (volcenginesdkarkruntime,tos,veadk) from trusted package registries and official repositories to support video generation and cloud storage operations. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted user story ideas and external web search results which are then interpolated into complex prompts for screenplay and video generation without robust sanitization.
Audit Metadata