blitzreels-faceless
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): The skill performs network requests to `www.blitzreels.com` using `curl` in `scripts/blitzreels.sh`. This domain is not on the trusted whitelist for network operations, although it is the intended backend for the skill.
- [PROMPT_INJECTION] (LOW): Indirect prompt injection surface detected. The skill accepts user-provided topics and scripts which are interpolated into JSON bodies and sent to an external API.
  - Ingestion points: User-provided topic/script via CLI arguments in `scripts/blitzreels.sh` and `scripts/faceless.sh`.
  - Boundary markers: Absent; the data is passed directly into the JSON request body without specific delimiters or instructions to the backend model to ignore embedded commands.
  - Capability inventory: Network access via `curl` to external APIs for video/image generation.
  - Sanitization: Absent; the provided scripts do not perform escaping or validation on the input text before sending it to the API.
Audit Metadata