video-generate
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains instructions directing the agent to modify environment variable files within the workspace if specific script errors occur. While intended for configuration, such instructions could potentially be manipulated to perform unauthorized file writes if the error condition is triggered maliciously.
- [EXTERNAL_DOWNLOADS]: Communicates with the ByteDance Ark API at ark.cn-beijing.volces.com to submit video generation tasks and retrieve results. This is a vendor-managed service used for the skill's primary functionality.
- [COMMAND_EXECUTION]: The agent is instructed to perform file system operations, such as writing to local configuration files and refreshing environment variables, upon detecting missing credentials. This behavior involves the agent executing shell-level operations based on instructions in the skill documentation.
Audit Metadata