arch-v
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or dangerous capabilities were identified in the skill. The orchestrator is a text-based workflow that does not interact with the underlying operating system or external networks.\n- [PROMPT_INJECTION]: The skill ingests user-provided text to generate video prompts, creating a surface for indirect prompt injection. However, it lacks the exploitable capabilities required to pose a risk.\n
- Ingestion points: User inputs for subjects, settings, actions, and audio descriptions are collected during the production paths in
SKILL.md.\n - Boundary markers: The skill uses structured output templates to organize components but does not explicitly use delimiters to isolate user-supplied descriptions.\n
- Capability inventory: No subprocess calls, execution of dynamic code (eval/exec), file-write operations, or network requests were found in the analyzed files.\n
- Sanitization: The
references/validation-rules.mdfile defines a comprehensive validation logic that checks for component presence and logical conflicts, providing a layer of oversight for input quality.
Audit Metadata