paw-cra-video-shortform

Fail

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: HIGH
Threat categories: [COMMAND_EXECUTION] [DATA_EXFILTRATION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions in references/production.md and references/validation-export.md define shell command templates for ffmpeg, egaki, and curl that directly interpolate user-controlled variables.
    • Evidence:
      • In Step 5: egaki video --model veo-3.1 --prompt "{visual_description}" ... — The {visual_description} originates from the user brief or an AI-generated storyboard and is not sanitized before being placed in a shell command.
      • In Step 6: curl -X POST ... -d '{"text": "{voiceover_line}", ...}' — The {voiceover_line} (script content) is interpolated into a JSON payload inside a curl command. A maliciously crafted script line containing quotes or shell metacharacters could break out of the string literal.
      • In Step 8: ffmpeg ... -vf "subtitles=subs.srt:force_style='FontName={brand_font},...'" — The {brand_font} variable is loaded from local configuration files and inserted into a complex ffmpeg filter string, posing a risk if the configuration is compromised.
      • In Step 10: Filenames are generated using {topic-slug}, which is derived from user input. If the slugging step does not strip path separators and shell metacharacters, this could lead to path traversal or command injection.
  • [DATA_EXFILTRATION]: The skill is designed to load and utilize sensitive API keys (fal_key, elevenlabs_api_key) from configuration files. While these are sent to the intended well-known services (fal.ai and ElevenLabs), the presence of command injection vulnerabilities significantly increases the risk that these credentials could be exfiltrated to an attacker-controlled server.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data (user briefs and scripts) and uses it to drive high-privilege tools like ffmpeg and curl.
    • Ingestion points: references/pre-production.md (Step 1: Brief Intake).
    • Boundary markers: Absent. The instructions do not specify the use of delimiters or warnings to ignore instructions embedded within the user-provided brief.
    • Capability inventory: egaki (AI video generation), curl (API communication), ffmpeg (video processing), and file system writes for video assets and manifests.
    • Sanitization: Absent. There is no mention of escaping shell characters, validating input length, or filtering malicious patterns in the user-provided scripts or descriptions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 1, 2026, 02:02 PM