muapi-ugc-video-factory

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted user input and interpolates it into prompts for downstream AI models without adequate sanitization or boundary markers.
      • Ingestion points: The inputs 'script' and 'environment' defined in the 'Inputs' section of SKILL.md.
      • Boundary markers: There are no delimiters or 'ignore embedded instructions' warnings used when interpolating these variables into the GPT prompt (Step 1) or the Seedance video prompt (Step 3).
      • Capability inventory: The skill utilizes the 'muapi' CLI and network requests via 'curl' to generate images and videos. An injection could potentially manipulate the content of these generated assets.
      • Sanitization: No evidence of input validation, escaping, or filtering was found for the text-based input fields before their use in automated prompt construction.
Audit Metadata
Risk Level: SAFE
Analyzed: May 19, 2026, 05:43 PM