Skills
skills/t0ugh/videoclaw/video-t2i/Gen Agent Trust Hub

video-t2i

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of the videoclaw command-line utility to interact with various image generation models.
  • [EXTERNAL_DOWNLOADS]: The documentation instructs the user to use uvx videoclaw, which results in the download and execution of the videoclaw package from a public registry.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by passing user-supplied text directly into the --prompt argument of a shell command.
  • Ingestion points: User input entering via the -p or --prompt parameter in SKILL.md examples.
  • Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are utilized for the prompt input.
  • Capability inventory: The skill possesses the capability to execute shell commands via the videoclaw tool.
  • Sanitization: There is no evidence of sanitization or escaping applied to the user-provided prompt before it is passed to the command line.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 08:40 AM
Security Audit — agent-trust-hub — video-t2i