Skills
skills/pawbytes/skill-suites/paw-cra-agent-video-producer/Gen Agent Trust Hub

paw-cra-agent-video-producer

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on system-level tools including ffmpeg for video assembly and curl for API interactions. It also utilizes vendor-specific CLI tools like egaki and OpenShorts to perform specialized video processing tasks.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with well-known external service providers to generate assets. This includes fetching video clips from fal.ai, generating audio via ElevenLabs, and sourcing stock footage from Pexels.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted user-provided scripts and web research data to drive video generation and command parameters.
  • Ingestion points: User-provided scripts, storyboard concepts, and external research findings synthesized at runtime.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands were identified in the processing of external scripts.
  • Capability inventory: The skill has extensive capabilities including shell command execution (ffmpeg), network requests (curl), and file system writes within the project directory.
  • Sanitization: No validation or escaping of script content before its use in generation prompts or command construction was observed.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 2, 2026, 09:36 AM