veo-use
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No malicious behavior, obfuscation, or unauthorized data access patterns were found. The skill follows best practices by using environment variables for authentication and leveraging official libraries.\n- Indirect Prompt Injection (LOW): The scripts ingest user-provided prompts and media files which are passed to an external AI model. While this represents a standard attack surface for LLM-based tools, there is no evidence of malicious exploitation within the skill itself.\n
- Ingestion points: Command-line arguments such as
--prompt,--image,--video, and--maskinedit_video.py,extend_video.py,image_to_video.py,reference_to_video.py, andtext_to_video.py.\n - Boundary markers (absent): No delimiters or specific 'ignore embedded instructions' warnings are applied to the user-provided prompts before being sent to the API.\n
- Capability inventory: The skill possesses the capability to make network requests to Google GenAI APIs (
client.models.generate_videos) and write files to the local filesystem (vid.video.save).\n - Sanitization (absent): No explicit sanitization, escaping, or validation of the input prompt is performed by the scripts prior to API submission.
Audit Metadata