creative-director
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWSAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill requires processing untrusted external data (MP3 files, audio URLs, and lyric text). While the current capabilities are limited to generating JSON storyboards, this represents an ingestion point where an attacker could embed instructions within lyrics or audio metadata to influence the agent's reasoning or the resulting storyboard output.
- [EXTERNAL_DOWNLOADS] (INFO): The workflow mentions providing an 'audio URL' as input. While the skill itself does not contain hardcoded download commands, the agent's environment may fetch this remote content for analysis. There are no known malicious URLs in the provided files.
- [NO_CODE] (SAFE): No executable scripts (.py, .js, .sh) or configuration files with command execution were found in the skill package.
Audit Metadata