generate-video
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill provides an indirect prompt injection surface as it accepts user-provided text prompts and interpolates them into instructions sent to external generative AI models.
- Ingestion points: User-provided prompt captured in
scripts/generate.ts. - Boundary markers: Absent; user input is directly combined with style hints.
- Capability inventory: The skill can perform network requests to external APIs, write files to the local file system, and execute internal scripts via
bun. - Sanitization: Absent.
- [COMMAND_EXECUTION]: The skill uses the
bunruntime to execute its own scripts and helper tools, which is the intended method for providing video generation functionality. - [EXTERNAL_DOWNLOADS]: The skill initiates network connections to well-known and reputable services, including the Google Gemini API and Replicate, to process video and image generation requests.
- [REMOTE_CODE_EXECUTION]: The skill's main script performs dynamic path resolution and imports to locate shared vendor utilities, including reading local configuration from the agent's plugin directory to determine installation paths.
Audit Metadata