Skills
skills/tfcbot/agent-video-team/director-frame-gen/Gen Agent Trust Hub

director-frame-gen

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Connects to the api.kie.ai endpoint to initiate image generation tasks and monitor their progress. This is a legitimate integration with a well-known AI service provider.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it incorporates untrusted user data into its operations.
  • Ingestion points: Processes user-provided scene.prompt and sceneImageUrl values from SKILL.md.
  • Boundary markers: Lacks delimiters to separate user data from the skill's instructions.
  • Capability inventory: Makes network requests to an external API using an environment-stored API key.
  • Sanitization: No input validation or sanitization steps are documented for the user-controlled fields.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 01:54 AM
Security Audit — agent-trust-hub — director-frame-gen