make-a-video

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on several local Bash scripts to manage its workflow. These scripts utilize standard system utilities like curl for API communication, jq for JSON manipulation, and file for metadata detection. This is the intended operation of the skill and follows standard CLI development practices.
  • [EXTERNAL_DOWNLOADS]: The pexo-asset-get.sh script is capable of downloading media assets (videos, images, and audio) from signed URLs provided by the Pexo API. These downloads are directed to a local cache directory (~/.pexo/tmp/) and are necessary for the skill to deliver generated content to the user.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes and relays data from the external Pexo API to the agent.
    • Ingestion points: Untrusted data from the Pexo service enters the agent's context through pexo-project-get.sh, which fetches project history and messages from the API.
    • Boundary markers: The skill instructions do not employ specific boundary markers or delimiters when relaying API content, instructing the agent to pass the text directly.
    • Capability inventory: The skill has the ability to execute subprocesses (Bash scripts), perform network requests, and write files to the local directory ~/.pexo/tmp/.
    • Sanitization: While the scripts use jq for structural parsing of API responses, the natural language content is processed by the AI without further sanitization. This risk is considered inherent to the skill's primary function as a service relay.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 04:14 AM
Security Audit — agent-trust-hub — make-a-video