concept-to-video
Warn
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill implements an automated 'auto-fix' and 'critic' loop in scripts/render_video.py and scripts/critic_pass.py. These scripts receive Python source code generated by a remote LLM (Anthropic API), write that code to the local filesystem, and then execute it via a subprocess call to the Manim engine. This creates a risk where malicious code could be generated and executed if the LLM's instructions are compromised.
- [COMMAND_EXECUTION]: Multiple scripts, including scripts/render_video.py, scripts/add_audio.py, and scripts/critic_pass.py, use subprocess.run to execute external system binaries such as manim, ffmpeg, and ffprobe.
- [EXTERNAL_DOWNLOADS]: The scripts/fetch_assets.py script downloads external media assets from the IconFinder API (api.iconfinder.com) based on storyboard requirements and stores them in the local temporary directory.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted user concepts into structured storyboards that subsequently drive the code generation process.
  - Ingestion points: The user-provided concept text enters the pipeline via scripts/plan_storyboard.py.
  - Boundary markers: No boundary markers or instruction-following delimiters are present in the references/code2video/planner.md template.
  - Capability inventory: The skill can perform file system writes and execute arbitrary Python code through the Manim engine as part of its rendering and fixup cycles.
  - Sanitization: There is no evidence of sanitization or safety filtering applied to the user input before it is interpolated into LLM prompts.
Audit Metadata