sora
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill utilizes 'uv run --with openai' to dynamically install the OpenAI SDK. Under the [TRUST-SCOPE-RULE], this is a low-risk finding as 'openai' is a trusted package from a recognized organization.
- [COMMAND_EXECUTION] (LOW): The skill executes a local Python script ('scripts/sora.py'). The risk is reduced by the skill's recommendation to pass user-controlled text with '--prompt-file' (so the prompt is read from a file rather than spliced into a shell command line) and '--no-augment', which mitigates shell-escaping and injection problems when the agent handles user-controlled strings.
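  The following Python is an added illustration of the shell-escaping point above; it is not the skill's own code, and 'scripts/sora.py' itself is not shown on this page. It contrasts the anti-pattern (splicing the prompt into a shell string, with `printf` standing in for the real script so the demo is harmless) with the pattern the finding recommends: write the prompt to a file and pass it as an argv element via '--prompt-file'. The `uv run --with openai scripts/sora.py` prefix and the '--prompt-file' / '--no-augment' flags come from the finding; the stand-in prefix, the `printf` command and the sample prompt are constructed for the demo.

```python
"""Passing user-controlled prompt text to a local script without shell interpolation.

Added example; not code from the audited skill. The uv prefix and flags mirror the
finding, the stand-in runner and sample prompt are constructed for the demo.
"""
import subprocess
import sys
import tempfile
from pathlib import Path

# Constructed sample: a prompt that closes the quote and injects commands if it is
# ever interpolated into a shell string.
INJECTING_PROMPT = "A cat on a roof' ; echo INJECTED ; echo '"

# Command prefix as described in the finding (uv installs the SDK, then runs the script).
UV_PREFIX = ["uv", "run", "--with", "openai", "scripts/sora.py"]

# Constructed stand-in for scripts/sora.py so the safe path can be exercised offline:
# a Python one-liner that reads the --prompt-file argument and echoes it unchanged.
STAND_IN_PREFIX = [
    sys.executable,
    "-c",
    "import sys; i = sys.argv.index('--prompt-file'); "
    "sys.stdout.write(open(sys.argv[i + 1], encoding='utf-8').read())",
]


def shell_interpolation_demo(prompt: str) -> str:
    """ANTI-PATTERN, kept only to show the failure.

    The prompt is spliced into a shell command line. printf stands in for the real
    script; with INJECTING_PROMPT the shell runs the embedded 'echo INJECTED'.
    """
    cmd = f"printf '%s' '{prompt}'"
    return subprocess.run(["sh", "-c", cmd], capture_output=True, text=True).stdout


def build_argv(prompt_path: Path, prefix: list[str] = UV_PREFIX) -> list[str]:
    """Return the argv list for the script: no shell, every element reaches the child verbatim."""
    return [*prefix, "--prompt-file", str(prompt_path), "--no-augment"]


def run_with_prompt_file(prompt: str, prefix: list[str] = UV_PREFIX) -> str:
    """Write the prompt to a temp file, run the script with --prompt-file, return its stdout.

    Metacharacters and quotes in the prompt are data in the file, never shell syntax.
    """
    with tempfile.TemporaryDirectory() as tmp:
        prompt_path = Path(tmp) / "prompt.txt"
        prompt_path.write_text(prompt, encoding="utf-8")
        result = subprocess.run(
            build_argv(prompt_path, prefix), capture_output=True, text=True, check=True
        )
        return result.stdout


if __name__ == "__main__":
    print("unsafe:", repr(shell_interpolation_demo(INJECTING_PROMPT)))
    print("safe:  ", repr(run_with_prompt_file(INJECTING_PROMPT, STAND_IN_PREFIX)))
```

  Running the module shows the unsafe path emitting an extra "INJECTED" line that the prompt author controlled, while the '--prompt-file' path hands the script the exact prompt text. The same argv-list approach applies to any other user-controlled value (reference image paths, batch file names) the agent forwards to the script.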
- [PROMPT_INJECTION] (LOW): The skill possesses a surface for indirect prompt injection. Evidence Chain:
  1. Ingestion points: User-provided prompts, batch JSONL files (SKILL.md), and reference images (references/video-api.md).
  2. Boundary markers: Use of structured prompt augmentation templates with labeled sections (Scene, Subject, Action, etc.).
  3. Capability inventory: Subprocess execution via 'uv run', file system write access for temporary files, and outbound network access to the OpenAI API.
  4. Sanitization: Relies on OpenAI API-side content guardrails (no real people, no copyrighted content) and provides explicit instructions for the agent to avoid shell-escaping issues.
- [CREDENTIALS_UNSAFE] (SAFE): The skill correctly handles 'OPENAI_API_KEY' as an environment variable and explicitly instructs the agent never to ask the user to paste the key directly into the chat session.
Audit Metadata