Skills
skills/echosell/creatok-skills/creatok-analyze-video/Gen Agent Trust Hub

creatok-analyze-video

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill retrieves and processes untrusted video transcripts and descriptions from a remote API, which can be exploited for indirect prompt injection attacks.
  • Ingestion points: lib/analyze-video.js fetches data from the CreatOK API and writes it to outputs/result.json and transcript/transcript.txt.
  • Boundary markers: The skill artifacts do not include delimiters or instructions to ignore embedded commands within the external data.
  • Capability inventory: The skill has capabilities for network communication via fetch and local file system write access via fs.writeFileSync.
  • Sanitization: No sanitization or filtering is performed on the content retrieved from the remote API before it is presented to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 11:01 AM