music-video-producer
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill processes untrusted external data, which creates an attack surface for indirect prompt injection.
  - Ingestion points: Loads `scene-plan.json` from the `creative-director` agent, video assets from `video-asset-manager`, and lyrics from external files.
  - Boundary markers: Absent. There are no delimiters or system instructions to ignore embedded commands within these data sources.
  - Capability inventory: The skill has the capability to execute shell commands (`npm`, `npx`, `node`) and perform file system writes to build the project.
  - Sanitization: Absent. Data from the scene plan and lyrics are interpolated directly into the rendering components without validation.
- Dynamic Execution (MEDIUM): The workflow requires runtime compilation and bundling of React code via `npx remotion render` to generate the final video output. This execution of dynamically assembled code is a known risk vector for code injection if the source files are compromised.
- External Downloads (LOW): The skill installs dependencies from npm (`remotion`, `@remotion/cli`). These are widely recognized packages and the risk is downgraded per the trust scope rule, though they still represent an external dependency.
- Command Execution (LOW): Routine use of subprocesses to run helper scripts (`convert_scene_plan.js`) and build tools. While functional, it provides a vector for exploitation if arguments are not properly sanitized.
Audit Metadata