Skills
skills/cloudai-x/world-labs-skills/world-labs-pano-video/Gen Agent Trust Hub

world-labs-pano-video

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION] (LOW): The skill transmits data (media assets) to api.worldlabs.ai. While necessary for the skill's function, this domain is not within the pre-approved trusted whitelist.- [PROMPT_INJECTION] (MEDIUM): The skill is vulnerable to Indirect Prompt Injection (Category 8) as it processes external, untrusted content from user-provided URLs.
  • Ingestion points: The uri parameter in the API examples and file_path in the Python script allow input from external or local sources.
  • Boundary markers: No delimiters or instructions to ignore embedded commands are present in the prompts provided to the model.
  • Capability inventory: The skill uses the requests library to perform file reads and network POST/PUT operations, creating a path for data to leave the local environment.
  • Sanitization: There is no evidence of URL validation or content sanitization before the data is processed or sent to the API.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 10:27 AM