video-director
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill utilizes the
concatenate_videostool which relies on FFmpeg for file processing. There is a risk of shell command injection if thevideo_pathsparameter is not strictly validated and sanitized before being passed to the system shell. - PROMPT_INJECTION (MEDIUM): The skill exhibits an Indirect Prompt Injection surface. It ingests untrusted user data via prompts for image and video generation which are then used in multi-step workflows.
- Ingestion points: User-provided strings in
generate_imageandgenerate_videotools (README.md). - Boundary markers: Absent. The skill does not appear to use delimiters or 'ignore' instructions for the processed prompts.
- Capability inventory: Subprocess execution via FFmpeg (
concatenate_videos), file system write/read operations (save_workflow_state,load_workflow_state), and external API calls (Google Veo/Imagen). - Sanitization: Absent. There is no evidence of input escaping or validation for the prompt strings before they are processed by tools.
- CREDENTIALS_UNSAFE (LOW): The troubleshooting section includes placeholders for
GOOGLE_API_KEYandANTHROPIC_API_KEY. While these are currently safe placeholders, it encourages users to store secrets in potentially unencrypted.envfiles.
Audit Metadata