realistic-ugc-video
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill ingests untrusted user content and passes it directly to subagents and local execution tools.
  1. Ingestion points: User-provided 'Character description' and 'Script' requirements defined in Phase 1 of SKILL.md.
  2. Boundary markers: Absent; the skill does not use delimiters or clear separation between system instructions and user-provided script chunks.
  3. Capability inventory: The skill has access to the 'Bash' tool for local script execution and the 'Task' tool for spawning background subagents.
  4. Sanitization: None; user scripts are used directly in the movement prompts and subagent tasking.
- [Command Execution] (MEDIUM): The skill executes a local shell script located at '~/.claude/skills/nano-banana/scripts/generate.sh'. It passes an 'enhanced prompt' derived from untrusted user descriptions as a shell argument, which presents a shell injection risk if the target script does not handle arguments securely.
Recommendations
- AI detected serious security threats