creatok-analyze-video
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill code and instructions are transparent and align with the stated purpose of video analysis.
- [DATA_EXFILTRATION]: The skill transmits the input TikTok URL to the vendor's official API for processing, which is the expected and documented behavior.
- [COMMAND_EXECUTION]: The skill uses Node.js to create and manage an internal artifact directory structure for storing transcripts and metadata.
- [PROMPT_INJECTION]: Potential indirect prompt injection surface identified. 1. Ingestion point: Video data fetched from CreatOK API in lib/analyze-video.js. 2. Boundary markers: No delimiters or ignore instructions found in SKILL.md. 3. Capability inventory: File system writes in lib/artifacts.js and network access in lib/creatok-client.js. 4. Sanitization: No explicit filtering or validation of API content before processing. This is evaluated as a low-risk surface given the trusted nature of the primary service.
Audit Metadata