citedy-video-shorts
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation references installation via the Smithery CLI and GitHub. These are standard methods for obtaining the vendor's package.
- [DATA_EXFILTRATION]: The skill transmits data to www.citedy.com to facilitate video generation and publishing. This is a functional requirement for the service and targets the vendor's own infrastructure.
- [COMMAND_EXECUTION]: Includes utility scripts (scripts/register.mjs and scripts/self-test.sh) used for registration and environment validation. These scripts are intended for manual execution by the user.
- [PROMPT_INJECTION]: The skill acts as an orchestrator that ingests user-provided text (topics, product angles) to generate video scripts, creating a surface for indirect prompt injection.
- Ingestion points: User-supplied input in the SKILL.md orchestration flow (topics, angles, and campaign ideas).
- Boundary markers: Absent; there are no explicit delimiters instructed for separating untrusted user data from generated prompt templates.
- Capability inventory: The skill has capabilities to perform network requests (REST/MCP) and write to local state files.
- Sanitization: Not present; the skill depends on the model's internal safety guardrails for the generated script content.
Audit Metadata