zhuoran-video-selfie

Fail

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The file zhuoran_video_selfie.py contains a hardcoded API key (API_KEY) for the WaveSpeed AI service.
  • Evidence: API_KEY = os.environ.get("WAVESPEED_KEY", "b9c67f3def268385bb9734970b11531f12ea24ae0d153859242e48ae46227668") in zhuoran_video_selfie.py.
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to execute external Python scripts. It passes user-supplied inputs such as target_id and caption as arguments to these commands without sufficient validation.
  • Evidence: In scripts/zhuoran-video-selfie.py, a command is constructed and executed: cmd = ["python3", sender_path, video_path, target_id]. Similar logic exists in zhuoran_video_selfie.py inside the send_to_feishu function.
  • [EXTERNAL_DOWNLOADS]: The skill downloads video files from a dynamically retrieved URL provided by the WaveSpeed AI API and saves them to the local /tmp/ directory.
  • Evidence: The download_video function in zhuoran_video_selfie.py uses requests.get(video_url, stream=True) to fetch content from the video_url returned by the API task polling.
  • [INDIRECT_PROMPT_INJECTION]: The skill accepts scene names and captions from user input which are interpolated into API calls and message sending routines. While it uses predefined templates for prompts, the caption field is passed directly to downstream messaging tools, creating a surface for potential instruction injection in connected services.
Recommendations
  • HIGH: Downloads and executes remote code from: unknown (check file) - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 18, 2026, 01:11 AM
Security Audit — agent-trust-hub — zhuoran-video-selfie