Video Generation
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements video generation capabilities using its designated SDK and CLI tools as intended. Analysis of the instructions and scripts reveals no evidence of malicious behavior, prompt injection, or unauthorized data access.
- [COMMAND_EXECUTION]: The skill utilizes a vendor-specific CLI tool (`z-ai`) for task management. This usage is transparently documented and consistent with the skill's purpose.
- [EXTERNAL_DOWNLOADS]: The skill depends on the `z-ai-web-dev-sdk` package. This dependency is authored by the vendor and is necessary for the skill's core functionality.
- [PROMPT_INJECTION]: The skill processes user-provided text prompts and images, creating a potential surface for indirect prompt injection.
  - Ingestion points: `prompt` and `image_url` parameters in generation functions.
  - Boundary markers: Absent in the provided code examples.
  - Capability inventory: Remote API calls for task creation and polling; local file access for reading image data.
  - Sanitization: Not implemented in the example code.
Audit Metadata