chuangkit-skill
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns such as prompt injection, obfuscation, or unauthorized data exfiltration were detected. The skill's behavior is transparent and aligns with its stated purpose of facilitating image and video creation via the Chuangkit API.
- [COMMAND_EXECUTION]: The skill executes discrete Python scripts (
upload_file.py,send_message.py, etc.) to perform its tasks. These scripts use the Python standard library andargparsefor input handling, avoiding dangerous patterns likeeval()or unsanitized shell execution. - [EXTERNAL_DOWNLOADS]: The
download_results.pyscript downloads generated media assets from the vendor's official domain (gw.chuangkit.com). This is a core feature of the skill and uses standard library functions to retrieve files. - [CREDENTIALS_UNSAFE]: The skill adheres to security best practices by utilizing an environment variable (
CHUANGKIT_AGENT_SKILL_API_KEY) for authentication, ensuring that no sensitive API keys are hardcoded in the source files.
Audit Metadata