klingai-async-workflows
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill uses environment variables (
KLING_ACCESS_KEY,KLING_SECRET_KEY,KLINGAI_API_KEY) to manage authentication tokens, which is a recommended security practice for secret management. - [EXTERNAL_DOWNLOADS]: The skill communicates with
api.klingai.com, which is the official API endpoint for Kling AI, a well-known video generation service. - [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied prompts for video generation. While this presents a standard attack surface for indirect prompt injection, it is the primary purpose of the skill and the risk is mitigated by the agent's own safety guardrails.
- Ingestion points: User-supplied
promptvariable inSKILL.mdandreferences/workflow-implementation.md. - Boundary markers: Absent; prompts are directly interpolated into JSON request bodies.
- Capability inventory: Network requests via
requestsandaiohttplibraries to the Kling AI API. - Sanitization: No explicit sanitization of prompt text is performed before transmission.
Audit Metadata