Skills
skills/t0ugh/videoclaw/video-quick-create/Gen Agent Trust Hub

video-quick-create

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation and use of videoclaw, a package downloaded from an external registry via uvx.
  • [COMMAND_EXECUTION]: The skill executes the videoclaw i2v shell command to perform image-to-video generation based on generated storyboards and assets.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted user ideas to generate storyboards that are then passed to a shell command.
  • Ingestion points: User input is captured through the AskUserQuestion tool in Step 1 and Step 2.
  • Boundary markers: The skill does not use delimiters or instructions to ignore embedded commands when interpolating user content into prompts.
  • Capability inventory: The skill has the capability to write files to the local project directory and execute shell commands (videoclaw).
  • Sanitization: There are no instructions for sanitizing, escaping, or validating the user-provided text before it is processed or executed.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 04:15 PM
Security Audit — agent-trust-hub — video-quick-create