aliyun-happyhorse-i2v
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation recommends installing the 'requests' library from the standard Python Package Index (PyPI) to handle HTTP communication with the API.
- [COMMAND_EXECUTION]: The script 'scripts/i2v_happyhorse.py' executes network requests to Alibaba Cloud's DashScope endpoints (dashscope.aliyuncs.com) to submit video generation tasks and poll for results. This behavior is consistent with the skill's primary purpose.
- [PROMPT_INJECTION]: The skill accepts user-provided text prompts and image URLs as input for video generation. While this constitutes an attack surface for indirect prompt injection (where malicious content in the prompt could influence the downstream AI model), it is a standard risk for AI-integrated tools and is managed by the provider's safety filters.
- Ingestion points: Input parameters 'prompt' and 'first_frame_url' in 'i2v_happyhorse.py' and 'SKILL.md'.
- Boundary markers: None present.
- Capability inventory: Performs network POST/GET requests using the 'requests' library.
- Sanitization: No explicit sanitization of input prompts or URLs is performed locally.
Audit Metadata