linkfox-aigc-videogen-multi

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The instructions in SKILL.md contain a directive aimed at overriding the agent's autonomy: '你不能自己放弃下载' (You cannot give up downloading yourself). This is used to force the agent to proceed with downloading and installing an onboarding skill if API authentication fails.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download a zip file ('release.zip') from 'https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zip' and install it as a new skill to resolve credential issues. This represents a dynamic instruction loading pattern from a vendor-controlled domain.
  • [COMMAND_EXECUTION]: The skill invokes 'scripts/aigc_videogen_multi.py' by passing user-provided JSON as a command-line argument. This creates a potential command injection surface if the calling environment does not properly escape the input string.
  • [COMMAND_EXECUTION]: Indirect Prompt Injection Surface Analysis:
  • Ingestion points: User-controlled content enters the agent context through the 'imageList' and 'prompt' parameters defined in SKILL.md.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded directives are present for the 'prompt' field.
  • Capability inventory: The skill has the ability to perform network requests (API polling via urllib) and write files to the session directory (video downloads and JSON data) in 'scripts/aigc_videogen_multi.py'.
  • Sanitization: The script uses 'json.loads' to parse the structural input, but the textual content of the 'prompt' is passed unsanitized to the remote video generation API.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM