kling-video
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure] (SAFE): The skill manages media files using the authorized
reflyCLI. Downloads are directed to the user's Desktop, which is appropriate for a file-generation utility. - [Command Execution] (SAFE): Execution patterns use standard shell commands (
jq,echo,open) and the platform's ownreflybinary to handle video generation workflows. - [Indirect Prompt Injection] (LOW): The skill ingests untrusted text through the
video_promptinput. Mandatory Evidence Chain: (1) Ingestion points:video_promptfield inSKILL.md; (2) Boundary markers: Absent in the input schema; (3) Capability inventory:refly skill run,refly file download, and shell execution; (4) Sanitization: None detected. The risk is low as the capabilities are focused on media generation and the impact of injection is limited to the content of the generated video.
Audit Metadata