muapi-social-media-video
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a bash orchestrator (
scripts/run-social-video.sh) to execute local scriptscore/media/generate-image.shandlibrary/motion/seedance-2/scripts/generate-seedance.sh. This is the core mechanism for managing the video production pipeline.\n- [EXTERNAL_DOWNLOADS]: The orchestration script utilizescurlto retrieve generated image files from remote URLs. These URLs are dynamically provided by the image generation tool during the workflow.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests content from external files (brand-identity.md,ICP.md,messaging.md) and incorporates that data into prompts for downstream image and video generation tools.\n - Ingestion points: Local brand identity, ICP, and messaging markdown files.\n
- Boundary markers: Absent from the prompt construction phase.\n
- Capability inventory: Execution of image and video generation scripts via the system shell.\n
- Sanitization: No explicit sanitization of the input file content was detected.
Audit Metadata