make-a-video
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on several local Bash scripts to manage its workflow. These scripts utilize standard system utilities like
curlfor API communication,jqfor JSON manipulation, andfilefor metadata detection. This is the intended operation of the skill and follows standard CLI development practices. - [EXTERNAL_DOWNLOADS]: The
pexo-asset-get.shscript is capable of downloading media assets (videos, images, and audio) from signed URLs provided by the Pexo API. These downloads are directed to a local cache directory (~/.pexo/tmp/) and are necessary for the skill to deliver generated content to the user. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes and relays data from the external Pexo API to the agent.
- Ingestion points: Untrusted data from the Pexo service enters the agent's context through
pexo-project-get.sh, which fetches project history and messages from the API. - Boundary markers: The skill instructions do not employ specific boundary markers or delimiters when relaying API content, instructing the agent to pass the text directly.
- Capability inventory: The skill has the ability to execute subprocesses (Bash scripts), perform network requests, and write files to the local directory
~/.pexo/tmp/. - Sanitization: While the scripts use
jqfor structural parsing of API responses, the natural language content is processed by the AI without further sanitization. This risk is considered inherent to the skill's primary function as a service relay.
- Ingestion points: Untrusted data from the Pexo service enters the agent's context through
Audit Metadata