chanjing-video-compose
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFECREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill manages API credentials by reading from and writing to
~/.chanjing/credentials.json. This is used to store the application ID, secret key, and access tokens required for authentication with the Chanjing platform. - [EXTERNAL_DOWNLOADS]: Scripts such as
scripts/download_resultandscripts/upload_fileperform network operations to transfer media files and synthesis results. These operations target the vendor's official infrastructure (*.chanjing.cc) and associated signed URLs. - [COMMAND_EXECUTION]: The authentication module
scripts/_auth.pyutilizessubprocess.runto invoke a helper script from thechanjing-credentials-guardskill. This is a controlled execution of a specific local file used to trigger the vendor's login workflow when credentials are missing. - [PROMPT_INJECTION]: The skill ingests untrusted data that could be leveraged for indirect prompt injection attacks.
- Ingestion points: User-supplied text provided to the
--textargument inscripts/create_task, as well as remote audio and background resources fetched via--wav-urlor--bg-src-url. - Boundary markers: The scripts do not employ delimiters or explicit instructions to the model to ignore embedded commands within the processed data.
- Capability inventory: The skill has the capability to write files to the local disk (
scripts/download_result), execute local subprocesses (scripts/_auth.py), and perform network requests to external APIs. - Sanitization: No sanitization, filtering, or validation of the input text content is performed before it is transmitted to the synthesis API.
Audit Metadata