
varg-ai

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security threats were identified. The skill's behavior is consistent with its stated purpose of facilitating AI media generation through the varg SDK.
  • [COMMAND_EXECUTION]: The skill instructions and setup script utilize bun and bunx to manage dependencies and execute the rendering CLI tool. These operations are restricted to the skill's own environment and are required for its primary functionality.
  • [EXTERNAL_DOWNLOADS]: Network operations are directed towards well-known AI service providers (fal.ai, elevenlabs.io) and the vendor's own gateway (api.varg.ai) for legitimate asset generation and account management.
  • [DATA_EXFILTRATION]: API keys are accessed from environment variables for authentication with authorized endpoints. No patterns of unauthorized credential harvesting or sensitive file access were found.
  • [PROMPT_INJECTION]: The skill processes user-supplied strings for media generation prompts. While this represents a potential surface for indirect prompt injection, it is inherent to the intended use case of the tool and is managed by the downstream AI providers' own safety protocols.
      • Ingestion points: User-provided text strings interpolated into media generation functions in SKILL.md and templates.md.
      • Boundary markers: Not explicitly defined in templates; the skill relies on model-level sanitization.
      • Capability inventory: Subprocess execution via bunx vargai, file write for render logs, and network access to api.varg.ai.
      • Sanitization: Standard string interpolation into JSON payloads for external API calls.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 16, 2026, 05:04 PM