video-planner

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes WebFetch and WebSearch to download and analyze content from external websites, documentation, and search results based on user-provided topics and references.
  • [COMMAND_EXECUTION]: Uses filesystem tools like Read, Grep, and Glob to explore and analyze local code repositories when a user provides them as reference material for technical video scripting.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface by processing untrusted data from the web and local codebases.
  • Ingestion points: External research content retrieved via WebFetch and repository data analyzed via Read/Grep/Glob (Step 2).
  • Boundary markers: The instructions do not specify the use of clear delimiters or instructions to ignore embedded commands within the research data used to generate the final scripts.
  • Capability inventory: The skill possesses the ability to create and write multiple files to the local file system and invoke external/downstream skills for styling and design.
  • Sanitization: No explicit filtering or sanitization of the research data is mentioned before it is interpolated into the generated script templates.
  • Mitigation: A robust 'Fact Audit' (Step 8) is mandatory, requiring the agent to verify all technical points against official documentation and categorize them by source reliability, which serves as a major defense against malicious or incorrect content.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 12:06 PM
Security Audit — agent-trust-hub — video-planner