veo
Warn
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill accepts a `--prompt` argument that is passed directly to the Google Veo API.
  - Ingestion points: `args.prompt` in `scripts/generate_video.py`.
  - Boundary markers: Absent. The input is interpolated directly into the API request.
  - Capability inventory: File system write (`generated_video.video.save`), network access (Google API calls), and directory creation.
  - Sanitization: Absent. There is no filtering or validation of the prompt content before transmission.
- [Arbitrary File Write] (MEDIUM): The `--filename` argument is converted to a `Path` object and used to create directories and save files without validation.
  - Evidence: `output_path = Path(args.filename)` followed by `output_path.parent.mkdir(...)` and `generated_video.video.save(str(output_path))` in `scripts/generate_video.py`.
  - Risk: An attacker could provide a path like `../../.bashrc` to overwrite sensitive user files if the agent executes the tool with broad permissions.
- [External Downloads] (LOW): The script downloads the generated video file from Google's servers.
  - Evidence: `client.files.download(file=generated_video.video)` in `scripts/generate_video.py`.
  - Status: Target is a Google API, which is a trusted source, but the download is triggered by untrusted user input.
Audit Metadata