qwen-video
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The scripts
generate.sh,poll.sh, andsubmit.shall usecurl -k(or--insecure) to communicate with the DashScope API and download media files. This bypasses SSL certificate validation, making the communication vulnerable to interception and modification by attackers. - [COMMAND_EXECUTION] (MEDIUM): In
submit.sh, the JSON request body is constructed by manually concatenating shell variables like$PROMPTand$AUDIO_URL. This lacks proper escaping, allowing a malformed or malicious prompt to break the JSON structure or potentially influence the API request in unintended ways. - [CREDENTIALS_UNSAFE] (LOW): The skill requires the
DASHSCOPE_API_KEYenvironment variable. While the key is not hardcoded, the scripts' use of insecurecurlcalls means this secret is transmitted without verified encryption, increasing the risk of credential theft. - [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its data handling practices.
- Ingestion points: User-provided strings in
--promptand--audio-urlarguments. - Boundary markers: None; inputs are directly embedded into JSON strings.
- Capability inventory: Network requests and file-system writes via
curlandmkdir. - Sanitization: No escaping or validation is performed on the input variables before they are used in commands or payloads.
Audit Metadata