website-to-video

Pass

Audited by Gen Agent Trust Hub on Jul 15, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill captures and processes content from external URLs to generate video scenes, creating a surface for indirect prompt injection.\n
  • Ingestion points: The skill captures target website routes, browser states, and assets during the workflow (SKILL.md).\n
  • Boundary markers: The instructions do not define delimiters or specific warnings to ignore instructions embedded within the captured website content.\n
  • Capability inventory: The skill involves preparing and executing shell commands for rendering artifacts (SKILL.md).\n
  • Sanitization: No sanitization steps are defined for the website data processed by the agent.\n- [COMMAND_EXECUTION]: The skill directs the agent to prepare and execute render and preview commands for the resulting video projects. While this is expected behavior for the skill's purpose, it represents a capability that could be targeted via the indirect prompt injection surface mentioned above.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 15, 2026, 09:48 PM