veo3-1

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt explicitly shows and permits passing the API key as a --api-key command-line argument (and includes examples using that pattern), which encourages the LLM to include secret values verbatim in generated commands—even though an env var alternative is mentioned—creating an exfiltration risk.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). This is a direct link to a .sh installer on an unfamiliar domain and the skill recommends piping it into sh (curl ... | sh), which executes unreviewed remote code—an established high-risk malware distribution pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's runtime script (scripts/generate_video.py) posts to external endpoints (GRSAI_VIDEO_URL and GRSAI_RESULT_URL at grsaiapi.com), parses their JSON fields (status, failure_reason, error, url) to decide success/failure and then downloads the returned video_url, so untrusted third-party API responses and returned URLs directly influence control flow and trigger further fetches.