video-designer

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (categories: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [Dynamic Execution] (MEDIUM): The scripts scripts/get_example_path.py and scripts/time_validation.py modify sys.path at runtime using deeply nested parent-directory references (parents[4] and parent.parent.parent.parent.parent). The import search path therefore depends on where the skill happens to be checked out, and Python modules are loaded from computed locations outside the skill directory. If any directory on that computed path is writable by another party, a module placed there would be imported in place of the intended one, so this is a vector for executing unintended code in a compromised environment.
  • [Data Exposure & Exfiltration] (MEDIUM): The script scripts/get_example_path.py accepts a --topic argument that is interpolated directly into a file path string without sanitization. A value containing path separators or ".." components is not rejected, which creates a path traversal condition: a user can point the lookup outside the designated base output path and probe for the existence of files or directories there.
  • [Data Exposure & Exfiltration] (MEDIUM): The script scripts/time_validation.py exposes a --file parameter that accepts an arbitrary filesystem path, which the script opens and parses as JSON. Any JSON file the process can read (credentials, tokens or configuration, for example) can therefore be read, and its contents surfaced through the script's output.
  • [Prompt Injection] (LOW): The file references/hook-guidelines.md uses high-pressure, imperative language and strong override markers (e.g., "VIOLENCE, NOT ELEGANCE", "THE ONLY RULE THAT MATTERS", "EXPLODE"). Although these are intended as creative directions for video hooks, they mirror techniques used in adversarial prompt injections to bypass safety constraints.
  • [Indirect Prompt Injection] (LOW): The scripts/time_validation.py script presents a surface for indirect prompt injection through its processing of untrusted data.
    - Ingestion points: load_design_data reads element and animation definitions from external JSON files specified via CLI arguments or configuration files.
    - Boundary markers: none; the script parses the JSON content directly, with no validation markers.
    - Capability inventory: file system read access and the ability to print results to the terminal.
    - Sanitization: none; there is no evidence that ingested JSON data is sanitized or escaped before it is used in logic or printed to the console.
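The two path findings above (the --topic value interpolated into a path in scripts/get_example_path.py and the unrestricted --file argument in scripts/time_validation.py) share one remediation: treat a user-supplied name as an identifier rather than a path fragment, and confine every resolved path to a base directory before opening it. The Python below is an added example written for this report, not code from the video-designer skill or from Gen Agent Trust Hub; resolve_under, example_path and is_safe_topic are hypothetical names, load_design_data reuses the name from the finding but its body is assumed, and the examples/ layout and sample files are constructed for the demonstration. It builds a throwaway directory tree, including an attacker-planted symlink, and reports which probes are accepted.

```python
import json
import os
import re
import tempfile
from pathlib import Path

# A topic is an identifier, never a path fragment: no separators, no dots.
TOPIC_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}")


def is_safe_topic(topic: str) -> bool:
    """Allowlist check for a --topic style argument."""
    return TOPIC_RE.fullmatch(topic) is not None


def resolve_under(base: Path, *parts: str) -> Path:
    """Join parts onto base and return the result only if it stays inside base.

    resolve() normalises '..' and follows symlinks before the containment
    check, so 'x/../../secret.json', an absolute path, and a symlink planted
    under base that points outside it are all rejected.
    """
    root = base.resolve()
    candidate = root.joinpath(*parts).resolve()
    if candidate != root and root not in candidate.parents:
        raise ValueError(f"path escapes {root}: {candidate}")
    return candidate


def example_path(base: Path, topic: str) -> Path:
    """Hardened stand-in for a --topic lookup (hypothetical, not the skill's code)."""
    if not is_safe_topic(topic):
        raise ValueError(f"rejected topic {topic!r}")
    # Belt and braces: containment is checked even after the allowlist passes.
    return resolve_under(base, "examples", f"{topic}.json")


def load_design_data(base: Path, file_arg: str) -> dict:
    """Hardened stand-in for a --file JSON loader: confined to base, .json only."""
    path = resolve_under(base, file_arg)
    if path.suffix.lower() != ".json":
        raise ValueError(f"not a .json file: {path.name}")
    with path.open("rb") as fh:
        data = json.load(fh)  # parse only; nothing in the file is ever executed
    if not isinstance(data, dict):
        raise ValueError("design data must be a JSON object")
    return data


def demo() -> dict:
    """Build a constructed tree and probe it; returns which inputs were accepted."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "out"
        (base / "examples").mkdir(parents=True)
        (base / "examples" / "intro.json").write_text('{"elements": []}')
        secret = Path(tmp) / "secret.json"          # constructed sample, outside base
        secret.write_text('{"token": "constructed-sample"}')
        os.symlink(secret, base / "link.json")      # attacker-planted symlink

        probes = {
            "topic:intro": lambda: example_path(base, "intro"),
            "topic:../../secret": lambda: example_path(base, "../../secret"),
            "file:examples/intro.json": lambda: load_design_data(base, "examples/intro.json"),
            "file:../secret.json": lambda: load_design_data(base, "../secret.json"),
            "file:link.json": lambda: load_design_data(base, "link.json"),
            "file:/etc/hostname": lambda: load_design_data(base, "/etc/hostname"),
        }
        for name, probe in probes.items():
            try:
                probe()
                results[name] = "accepted"
            except ValueError:
                results[name] = "rejected"
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:8} {name}")
```

Only the two in-tree probes are accepted; the traversal, absolute-path and symlink probes all fail the containment check, and the symlink case shows why the check must run on the resolved path rather than on the string the user supplied.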
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:24 PM