comic-drama-master

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The instructions in SKILL.md and references/storyboard-director.md advise the agent on techniques to bypass downstream video generation API safety filters. It explicitly guides the agent to use euphemisms (e.g., replacing 'blood' or 'war' with 'spiritual energy' or 'confrontation') to avoid 'OutputVideoSensitiveContentDetected' rejections.
  • [COMMAND_EXECUTION]: The skill executes system commands via subprocess in scripts/video_merge.py and scripts/video_scorer.py to perform video merging using ffmpeg and metadata analysis using ffprobe.
  • [COMMAND_EXECUTION]: Orchestration instructions in SKILL.md and references/video-synthesizer.md direct the agent to install system-level dependencies using package managers such as apt-get, yum, and brew, including the use of sudo for administrative installations on Linux environments.
  • [EXTERNAL_DOWNLOADS]: The skill downloads and installs standard system utilities (ffmpeg) and official Python SDKs (volcenginesdkarkruntime, tos, veadk) from trusted package registries and official repositories to support video generation and cloud storage operations.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted user story ideas and external web search results which are then interpolated into complex prompts for screenplay and video generation without robust sanitization.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 07:47 AM
Security Audit — agent-trust-hub — comic-drama-master