video-generate
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through user-controlled inputs.
- Ingestion points: The
promptand various media URL parameters (first_frame, last_frame, reference_images, reference_videos, reference_audios) inscripts/video_generate.pyallow untrusted data to enter the agent context. - Boundary markers: There are no delimiters or instructions to ignore embedded commands within the user-provided data.
- Capability inventory: The script
scripts/video_generate.pyperforms network requests using thehttpxlibrary to ByteDance APIs. - Sanitization: No sanitization or validation of the content of the provided URLs or text prompts is performed before they are sent to the generation model.
- [EXTERNAL_DOWNLOADS]: The skill interacts with ByteDance's official Volcengine API (ark.cn-beijing.volces.com). This is recognized as a trusted vendor resource for the 'bytedance' author and does not escalate the severity.
Audit Metadata