produce-mv
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements a structured workflow for MV production, including directory management, asset classification, and metadata generation. It operates within the designated /data/dongman/ environment and exhibits no signs of credential theft, malicious command execution, or unauthorized network operations.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted text from user-provided lyrics and scripts to generate AI prompts for video generation. Evidence: 1. Ingestion points: script/ and assets/ files; 2. Boundary markers: Absent; 3. Capability: Local file manipulation and task configuration for the Seedance API; 4. Sanitization: Absent. This finding is considered low risk and inherent to the skill's primary function.
Audit Metadata