Skills
skills/tryagi/runway/runway-cli/Gen Agent Trust Hub

runway-cli

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill operates by executing shell commands via dnx Runway.Cli and dotnet run to interact with Runway services, manage tasks, and process media files.
  • [EXTERNAL_DOWNLOADS]: The documentation references the installation of the Runway.Cli NuGet package and includes options for downloading prerelease builds directly from the tool.
  • [CREDENTIALS_SAFE]: Sensitive information such as API keys are managed through environment variables or stored in a local configuration file (~/.runway-cli/credentials.json) with appropriate file system permissions (mode 0600).
  • [PROMPT_INJECTION]: The short-video feature ingests data from a local MARKETING.md file to provide context for AI planning prompts, creating a surface for indirect prompt injection. * Ingestion points: Reads ./MARKETING.md (SKILL.md). * Boundary markers: Absent. * Capability inventory: Executes shell commands via dnx and ffmpeg (SKILL.md). * Sanitization: Absent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 10, 2026, 12:40 AM