ai-marketing-videos
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill documentation includes an 'Explainer Video' workflow where a script generated by an LLM is directly used as input for subsequent video and audio generation tools. This architecture presents an indirect prompt injection risk, as the agent may inadvertently follow instructions embedded in the generated script content.\n
- Ingestion points: Model-generated output from a script generation step (saved to
script.json) is ingested by theinfsh/kokoro-ttstool in theSKILL.mdexample workflow.\n - Boundary markers: No delimiters or specific protective instructions are used to isolate the generated content from the agent's instructions.\n
- Capability inventory: The skill uses the
Bash(infsh *)tool to execute commands based on these inputs.\n - Sanitization: No sanitization or validation is applied to the generated script before it is processed by downstream tools.\n- [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to manage video creation tasks. It provides examples of using shell loops and variable interpolation to dynamically construct and execute commands for theinfshutility.\n- [EXTERNAL_DOWNLOADS]: The skill includes examples that reference external media assets, such as a remote MP3 file, for integration into video projects.
Audit Metadata