klingai-audit-logging
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements security-conscious logging practices, including a tamper-evident audit chain using SHA-256 hashes to detect unauthorized modifications.
- [SAFE]: A sanitization mechanism is provided to redact sensitive keys such as API keys, tokens, and passwords from event metadata before they are written to logs.
- [DATA_EXFILTRATION]: Network operations are directed solely to the official Kling AI API endpoint (api.klingai.com) for video generation tasks, which is consistent with the skill's stated purpose and poses no risk of unauthorized data transfer.
- [PROMPT_INJECTION]: The skill handles untrusted user prompts in SKILL.md and references/audit-wrapped-client.md. These prompts enter the system as inputs to video generation functions (Ingestion point), which involve network POST requests to Kling AI and local file writes for logging (Capability inventory). Although no boundary markers are used to isolate prompt content, the risk is low because prompts are hashed for log storage (Sanitization) and are not processed locally in a way that could lead to command injection.