video-from-image

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill depends on the fal-client Python package, which is an external dependency not included in the trusted repositories list.
  • DATA_EXFILTRATION (LOW): The primary purpose of the skill is to upload user images and text prompts to the external fal.ai API. This represents intentional data exposure to a third-party service.
  • COMMAND_EXECUTION (LOW): The skill uses the Bash tool to execute a local Python script (scripts/fal_generate.py) to perform its tasks.
  • PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8) as it processes user-provided descriptions without sanitization.
      • Ingestion points: The prompt and image_url parameters defined in SKILL.md.
      • Boundary markers: None; there are no delimiters or 'ignore' instructions provided to isolate the user input.
      • Capability inventory: The skill has access to Bash, Read, and Write tools, which could be abused if an injected instruction is followed by the agent.
      • Sanitization: No sanitization or validation logic for the input prompt is described or implemented in the provided files.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 21, 2026, 08:22 AM