video-generator
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The
scripts/generate_video.pyscript communicates with external APIs atapi.openai.comand Google Cloud services for video generation and downloading. These are well-known technology services and the interactions are necessary for the skill's functionality.\n- [COMMAND_EXECUTION]: The skill requires the execution of thegenerate_video.pyscript via CLI. It correctly interprets user-provided arguments to set generation parameters.\n- [DATA_EXPOSURE]: The script uses sensitive API keys (GEMINI_API_KEY,OPENAI_API_KEY) retrieved from the environment. This is a standard and secure practice for CLI tools.\n- [PROMPT_INJECTION]: The script ingests natural language prompts from the user, presenting a surface for indirect prompt injection.\n - Ingestion points: The
promptcommand-line argument inscripts/generate_video.py.\n - Boundary markers: Not present in the script logic.\n
- Capability inventory: Outbound network requests to AI service providers and local file system access for saving media files.\n
- Sanitization: None performed on the input prompt before transmission to external APIs.
Audit Metadata