film-creator
Warn
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's documentation directs users to clone a repository from a personal GitHub account (
Y1fe1-Yang/film-creator-skill) that is not a verified organization or a well-known service. - [REMOTE_CODE_EXECUTION]: The skill workflow involves downloading external code from a non-trusted source and executing it on the local system, which is a high-risk pattern for executing potentially malicious scripts.
- [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to run local scripts (e.g.,
scripts/create_film.js). These scripts are used to process user input without visible sanitization. - [COMMAND_EXECUTION]: There is a potential command injection vulnerability as user-provided text prompts are interpolated directly into shell command arguments. An attacker could craft a prompt with shell metacharacters to execute arbitrary code.
- [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface. It ingests untrusted user prompts and uses them as inputs to high-capability tools like Bash without implementing boundary markers or escaping logic.
Audit Metadata