veo3-1

Fail

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The documentation provides a command to install the uv tool from astral.sh using a shell script. This is a standard installation method for a trusted and well-known developer utility.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to grsaiapi.com and downloads video files from that API, which involves communication with a non-whitelisted domain.
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection due to its handling of user-controllable inputs.
      • Ingestion points: The --prompt and --filename arguments in scripts/generate_video.py receive data from the user or agent.
      • Boundary markers: The script does not utilize boundary markers to isolate the user-provided prompt from the rest of the application logic.
      • Capability inventory: The script is capable of making external network requests and writing files to the local filesystem.
      • Sanitization: The script fails to sanitize or validate the provided filename, which could lead to path traversal vulnerabilities if an attacker-controlled input is used for the output path.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 28, 2026, 07:58 AM