vidu-video
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): The skill presents an Indirect Prompt Injection surface (Category 8) by accepting untrusted user prompts and passing them to external tools.\n
- Ingestion points: The 'prompt' parameter in the submit_task tool call defined in SKILL.md.\n
- Boundary markers: None; there are no delimiters or instructions to isolate user input from the agent's instructions.\n
- Capability inventory: The submit_task tool involves network calls to the external fal-ai service and produces external media outputs.\n
- Sanitization: No input validation or filtering of the user prompt is specified.\n- [DATA_EXFILTRATION] (LOW): The skill performs network operations to a non-whitelisted external domain (fal-ai) as part of its core video generation functionality.
Audit Metadata