Skills
skills/openclaw/skills/omnihuman-video/Gen Agent Trust Hub

omnihuman-video

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOWNO_CODE
Full Analysis
  • Indirect Prompt Injection (LOW): The skill provides instructions for handling external data via URLs (image_url, audio_url). This creates a standard ingestion surface for untrusted content. However, because the skill lacks local code execution capabilities (such as Python scripts or shell commands) and does not interact with sensitive local files, the risk is limited to the security of the downstream service.
  • Ingestion points: image_url and audio_url parameters within the submit_task tool call.
  • Boundary markers: None specified in the markdown instructions.
  • Capability inventory: The skill is restricted to triggering external API tasks; it has no file-system access or dynamic execution capabilities.
  • Sanitization: Not defined in the skill; implementation depends on the underlying agent's tool-calling logic.
  • Metadata Analysis (SAFE): The _meta.json and YAML frontmatter contain standard descriptive information consistent with the skill's stated purpose.
Audit Metadata
Risk Level
LOW
Analyzed
Feb 16, 2026, 05:00 AM