flyworks-avatar-video
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Categories: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from users (text, audio, and images) that is then processed by an external API. This creates a surface for injection where malicious instructions in the input could attempt to influence agent behavior.
  - Ingestion points: The `create_video` (`--text`, `--audio`), `create_talking_photo` (`--image`), and `clone_voice` (`--audio`) tools in `scripts/hifly_client.py`.
  - Boundary markers: None documented; the tool interface does not specify delimiters to isolate user content.
  - Capability inventory: The skill performs network requests and file operations.
  - Sanitization: Not verifiable as the logic resides in the external `hifly_client.py` script.
- Data Exfiltration (LOW): The skill communicates with `hfw-api.hifly.cc`. While this is the legitimate service endpoint, it is not on the trusted domain whitelist, and communication involves transmitting user-provided data externally.
- Command Execution (LOW): The skill's primary function is executed via a Python script (`scripts/hifly_client.py`) called with user-supplied arguments. This is a standard pattern for agent skills but relies on the script to safely handle these inputs.
- External Downloads (LOW): Installation instructions reference a non-whitelisted GitHub repository (`Flyworks-AI/skills`). Although the organization is untrusted, the severity is kept at LOW as this is the primary source for the skill's own code.
Audit Metadata