pixverse-ai-image-and-video-generator
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill periodically checks for updates by fetching version strings from the official PixVerseAI GitHub repository. This is a standard and safe maintenance procedure for developer tools.
- [COMMAND_EXECUTION]: Runs the 'pixverse' CLI to generate media and uses system utilities like 'ffmpeg' and 'imagemagick' to manipulate video files. These operations are essential for the skill's media processing capabilities.
- [COMMAND_EXECUTION]: Includes scripts for version management ('check-update.sh' and 'update.sh') that allow the agent to keep the skill repository synchronized with the official source.
- [DATA_EXFILTRATION]: Allows users to upload local assets and HTTPS URLs to the PixVerse cloud for AI processing. The skill includes necessary security warnings advising users to avoid providing sensitive or confidential files.
- [INDIRECT_PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes untrusted text and image data through AI generation models. Ingestion points: Prompt and image arguments in creation commands (e.g., in SKILL.md and create-video.md). Boundary markers: None identified. Capability inventory: Subprocess calls to the 'pixverse' CLI, 'ffmpeg', and 'imagemagick'. Sanitization: Validation and safety filtering are handled by the vendor's API backend.
Audit Metadata