video-generator
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted text prompts and transmits them to external model providers.
- Ingestion points: The user-supplied prompt argument processed in scripts/generate_video.py.
- Boundary markers: None are present to wrap or delimit the user input within the API request payload.
- Capability inventory: The skill performs network communication with external APIs and writes files to the local disk in scripts/generate_video.py.
- Sanitization: The skill does not validate or sanitize the prompt content before sending it to the provider APIs.
- [EXTERNAL_DOWNLOADS]: The skill depends on external libraries and remote service interactions.
- Evidence: The documentation and script require the installation of google-genai and requests packages.
- Status: Dependencies originate from trusted organizations and official registries.
- Evidence: The script communicates with well-known service endpoints including api.openai.com and official Google Gemini endpoints.
Audit Metadata