video-creator

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): Path Traversal Vulnerability.
    • Multiple utility scripts (scripts/video-status.py, scripts/path_manager.py, scripts/get_video_step_metadata.py, and scripts/validate_json.py) take a --topic argument and use it directly to construct file system paths using string concatenation or pathlib.Path arithmetic (e.g., Path(base_dir) / topic / "video-status.json").
    • In resume-video.md and execute-video-step.md, the agent is explicitly instructed to ask the user for a topic name if one is not provided. An attacker can provide a string like ../../ to access sensitive files elsewhere on the system.
  • [DATA_EXFILTRATION] (MEDIUM): Unauthorized File Access.
    • The scripts/list-topics.py script enumerates directories. When coupled with the path traversal vulnerability, this can be exploited to map the file system structure.
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface.
    • Ingestion points: steps/user-input-step.md (Step 2) collects a script of up to 2000 characters from the user.
    • Boundary markers: Absent. The user-provided script is interpolated into prompts for subagents without delimiters or instructions to ignore embedded commands.
    • Capability inventory: The skill invokes subagents like content_scene_generator to generate React TSX code (steps/code-step.md) and asset_generator to create SVGs (steps/assets-step.md).
    • Sanitization: Absent. There is no evidence of filtering or escaping the user's script before it is processed by the AI pipeline.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:05 PM