eachlabs-video-edit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions to override agent behavior, bypass safety filters, or extract system prompts were detected.
- [Data Exposure & Exfiltration] (SAFE): Authentication is handled correctly via environment variables (
EACHLABS_API_KEY) and placeholders. No sensitive local file access or hardcoded credentials were found. - [Obfuscation] (SAFE): The skill content is clear and uses no encoding or hidden characters.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): No external package installations or remote script executions (e.g., curl | bash) are present.
- [Indirect Prompt Injection] (LOW): The skill possesses a data ingestion surface that could be used for indirect prompt injection.
- Ingestion points: The skill accepts
video_url,audio_url, andpromptfrom user input (SKILL.md). - Boundary markers: Absent; user inputs are interpolated directly into API request payloads.
- Capability inventory: Makes network requests (GET/POST) to
api.eachlabs.ai. - Sanitization: None specified in the provided instructions.
Audit Metadata