sora
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows security best practices for handling API keys, instructing the agent to use environment variables and specifically forbidding the agent from asking the user to paste keys in plain text.
- [COMMAND_EXECUTION]: The skill utilizes a bundled Python script (
scripts/sora.py) to manage video generation tasks. The script is well-written, uses standard libraries (argparse, asyncio), and implements dry-run modes for testing without API calls. - [EXTERNAL_DOWNLOADS]: The skill connects to OpenAI's official API to generate and download video content. OpenAI is a well-known and trusted service provider.
- [PROMPT_INJECTION]: The skill contains internal guardrails (e.g., 'Only content suitable for audiences under 18', 'No real people') designed to ensure safe and ethical AI output, rather than attempting to bypass safety filters.
Audit Metadata