video-generation
Warn
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill includes instructions in
SKILL.mdthat attempt to bypass security analysis by explicitly directing the agent not to inspect the execution script ("Do NOT read the python file") and to ignore specific workspace directories ("You don't need to check the folder under /mnt/user-data"). - [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection:
- Ingestion points: User-provided video requirements and style preferences processed in
SKILL.md. - Boundary markers: Absent; user input is directly incorporated into prompt files without delimiters or safety instructions.
- Capability inventory: Local script execution and network access in
scripts/generate.py. - Sanitization: None; input strings and file paths are used directly in file and network operations.
- [DATA_EXFILTRATION]: The script
scripts/generate.pyreads contents from local files specified via the--prompt-fileand--reference-imagesarguments and transmits them to an external API. This could be used to expose sensitive information if the agent is manipulated into using paths to credentials or private configuration files. - [COMMAND_EXECUTION]: The skill executes a local Python script in
scripts/generate.pywith arguments derived from user input, which presents a risk of parameter manipulation if the input is not strictly validated. - [EXTERNAL_DOWNLOADS]: Fetches generated content from Google's official Gemini API, which is a well-known and trusted service.
Audit Metadata