linkfox-aigc-videogen-multi
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The instructions in SKILL.md contain a directive aimed at overriding the agent's autonomy: '你不能自己放弃下载' (You cannot give up downloading yourself). This is used to force the agent to proceed with downloading and installing an onboarding skill if API authentication fails.
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download a zip file ('release.zip') from 'https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zip' and install it as a new skill to resolve credential issues. This represents a dynamic instruction loading pattern from a vendor-controlled domain.
- [COMMAND_EXECUTION]: The skill invokes 'scripts/aigc_videogen_multi.py' by passing user-provided JSON as a command-line argument. This creates a potential command injection surface if the calling environment does not properly escape the input string.
- [COMMAND_EXECUTION]: Indirect Prompt Injection Surface Analysis:
- Ingestion points: User-controlled content enters the agent context through the 'imageList' and 'prompt' parameters defined in SKILL.md.
- Boundary markers: No explicit delimiters or instructions to ignore embedded directives are present for the 'prompt' field.
- Capability inventory: The skill has the ability to perform network requests (API polling via urllib) and write files to the session directory (video downloads and JSON data) in 'scripts/aigc_videogen_multi.py'.
- Sanitization: The script uses 'json.loads' to parse the structural input, but the textual content of the 'prompt' is passed unsanitized to the remote video generation API.
Audit Metadata