generate-video

Warn

Audited by Snyk on Jul 3, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). The runtime workflow fetches and renders a user-supplied web page URL via Chromium CDP (Page.navigate to <url> and then Page.captureScreenshot), so any outsider-authored free text on that page can be ingested into the LLM context if the agent uses the page content as part of its reasoning (indirect prompt injection risk via arbitrary web content).

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs installing system packages with sudo (e.g., "sudo apt-get update && sudo apt-get install -y ffmpeg") and runs system-level commands (starting headless Chromium, cloudflared, serving files) which request elevated privileges and modify the machine state.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 3, 2026, 06:39 PM
Issues
2
Security Audit — snyk — generate-video