skills/myreelsai/skills/myreels-api/Gen Agent Trust Hub

myreels-api

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a series of shell scripts (scripts/myreels-*.sh) that wrap curl and jq commands to interact with the MyReels API. These operations are restricted to the primary functional scope of the skill (generating and polling media tasks).
  • [CREDENTIALS_UNSAFE]: Authentication is managed via the MYREELS_ACCESS_TOKEN environment variable or a local configuration file (~/.myreels/config). The skill includes a myreels_mask_secret function in scripts/_common.sh and uses it in the diagnostic script to ensure API tokens are not fully exposed in standard output during troubleshooting.
  • [EXTERNAL_DOWNLOADS]: The skill fetches model metadata and task status from the official vendor domain api.myreels.ai. These network operations are necessary for the skill's primary purpose and do not target untrusted or third-party sources.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests model metadata (labels and descriptions) from the api/v1/models/api endpoint to guide the agent in mapping user intent to API parameters.
      • Ingestion points: scripts/myreels-models.sh fetches JSON data from api.myreels.ai.
      • Boundary markers: Absent; the skill relies on the agent's internal logic to parse the resulting JSON.
      • Capability inventory: Subprocess execution via curl and jq across all scripts.
      • Sanitization: The skill uses jq to parse and validate the structure of external JSON responses before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 08:20 PM