video-presentation-maker
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to run bundled shell scripts (scripts/poll-kling-videos.sh, scripts/x402-api-call.sh) and a local Node.js utility (fluxa-wallet/scripts/fluxa-cli.bundle.js). These tools are used for polling video status, signing payments, and managing API interactions. The agent also uses subagents to execute Bash commands locally.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted user data.
  - Ingestion points: Document content provided by the user in Phase 1.1.
  - Boundary markers: Absent; user document content is directly interpolated into prompt templates for image and video generation without the use of delimiters or 'ignore' instructions.
  - Capability inventory: The agent can execute Bash commands (via the Task tool), perform network requests, and manage local files.
  - Sanitization: No sanitization or validation is applied to user-provided data before it is processed into prompts or command payloads.
Audit Metadata