storyboard-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted user stories and scripts to generate prompts for media creation tools.
- Ingestion points: User-provided story ideas, scripts, and conceptual descriptions (Step 1).
- Boundary markers: Absent. The instructions do not specify delimiters or warnings to ignore embedded instructions in the user's input.
- Capability inventory: Access to
draw_one_imageanddraw_one_videotools (Steps 3 and 4). - Sanitization: The skill provides guidance on escaping JavaScript strings to prevent UI breakage, but does not provide sanitization or filtering for the natural language prompts sent to the image/video generation engines.
- [Data Exposure & Exfiltration] (LOW): The documentation suggests using
picsum.photosfor placeholder images in the generated storyboard HTML. - Evidence: The "Placeholder Image Service" section recommends
https://picsum.photos/seed/...as an external source. While benign for this use-case, it is a non-whitelisted domain used for network requests in the output. - [Dynamic Execution] (LOW): The troubleshooting section (FAQ) contains a Node.js snippet that uses
new Function()to validate JavaScript syntax in the generated HTML. - Evidence: The shell command
node -e "... new Function(scriptMatch[1]); ..."performs a check on the generatedstoryboard.html. If an agent were to execute this automatically on a file containing unescaped user-controlled descriptions, it could lead to code execution in the troubleshooting context.
Audit Metadata