creatok-recreate-video
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it analyzes external TikTok content that is then used to guide the agent's creative output.
  - Ingestion points: External data enters the context through video analysis results (transcripts and vision data) fetched by the `client.analyze` method in `lib/analyze-video.js`.
  - Boundary markers: The skill does not use specific delimiters or instructions to help the model distinguish between video analysis data and its own system instructions.
  - Capability inventory: The skill has capabilities to perform network requests via `fetch` in `lib/creatok-client.js` and write files to the local disk using `lib/artifacts.js`.
  - Sanitization: There is no evidence of sanitization or filtering of the content returned from the external API before it is passed to the LLM context.
- [DATA_EXFILTRATION]: The skill transmits the user-provided TikTok URL and creative constraints to the CreatOK API at https://www.creatok.ai. This is a documented and functional requirement of the skill's operation as a bridge to the CreatOK service.
Audit Metadata