spark-video-episode
Fail
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs the 'uv' package manager from its official domain (astral.sh) and clones craft reference repositories from the Shanyin-ai organization on GitHub. These are recognized as well-known technology services and are intended for the skill's setup.
- [REMOTE_CODE_EXECUTION]: The `doctor.sh` script suggests a command to install the `uv` tool by piping a remote script directly into the shell (curl | sh). Additionally, `render_shot.py` dynamically loads provider modules using `importlib.import_module` based on configuration values, which constitutes dynamic execution from computed paths.
- [COMMAND_EXECUTION]: Numerous scripts, including `render_shot.py`, `render_all.py`, `stitch.py`, and helpers in `lib/ffmpeg_helpers.py`, use `subprocess.run` to execute system binaries such as `ffmpeg` and `ffprobe`, as well as to coordinate internal Python script execution.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection attack surface (Category 8). It processes untrusted story ideas (premises) and model-generated critiques to autonomously generate or rewrite video prompts.
- Ingestion points: Story premises are stored in `initialPrompt.md`/`premise.md` and critiques are read from `reviews/*.json`.
- Boundary markers: Explicit delimiters for external content are generally absent in the prompt construction logic.
- Capability inventory: The skill can execute shell commands via `subprocess.run`, write files, and perform network API calls through the Bailian (bl) CLI.
- Sanitization: There is no evidence of automated sanitization; the agent is expected to handle the input creatively.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata