tensorslab-video
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface.\n
- Ingestion points: User-provided prompts and image paths in
scripts/tensorslab_video.pyare used to construct API requests.\n - Boundary markers: The skill does not use delimiters to isolate user-supplied prompt text from internal instructions during API communication.\n
- Capability inventory: The Python script can make network requests and write generated video files to the local file system (
~/tensorslab_output).\n - Sanitization: No sanitization or validation logic is applied to the input parameters before they are transmitted to the external API.\n- [EXTERNAL_DOWNLOADS]: Downloads generated video files from the TensorsLab infrastructure.\n
- Evidence: The
download_videofunction inscripts/tensorslab_video.pyfetches data from URLs provided in the API task status response.\n - Source: These downloads originate from the vendor's own domains (
tensorslab.com).\n- [COMMAND_EXECUTION]: Executes a local script to process video generation requests.\n - Evidence: The skill's primary workflow involves the agent running
python scripts/tensorslab_video.pywith various command-line arguments.
Audit Metadata