Skills
skills/doany-ai/skills/video-edit/Gen Agent Trust Hub

video-edit

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and installs the @runcomfy/cli package from the npm registry to enable video processing capabilities.
  • [EXTERNAL_DOWNLOADS]: Downloads video and image assets from external, user-provided URLs for processing by the RunComfy models.
  • [COMMAND_EXECUTION]: Invokes the runcomfy CLI tool to perform video transformations, passing parameters through a JSON-formatted input string.
  • [CREDENTIALS_UNSAFE]: References the use of API tokens stored in ~/.config/runcomfy/token.json or the RUNCOMFY_TOKEN environment variable for service authentication.
  • [PROMPT_INJECTION]:
  • Ingestion points: User-supplied natural language prompts and media content from external URLs (found in SKILL.md).
  • Boundary markers: Commands use JSON encapsulation for inputs; the documentation states the CLI does not perform shell expansion on these prompts.
  • Capability inventory: Ability to execute the local runcomfy binary and write output files to a specified directory.
  • Sanitization: Relies on the RunComfy Model API's internal filters; documentation explicitly warns about the risks of image-based prompt injection from untrusted URLs.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 02:25 PM