Trust Assessment
The `video` skill received a trust score of 61/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 1 medium, and 1 low severity. Key findings include "Missing required field: name", "Unescaped user prompt in JSON payload", and "Unvalidated VIDEO_URI used in curl download, potential API key leakage".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 15, 2026 (commit 1823c3f6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unescaped user prompt in JSON payload** The user-provided `PROMPT` variable is directly interpolated into a JSON payload sent to the Google Veo API without proper JSON escaping. A malicious user could inject JSON syntax (e.g., `", "malicious_field": "value"`) or escape the string to perform prompt injection against the underlying AI model, potentially altering its behavior, extracting information, or causing malformed API requests. Before interpolating `PROMPT` into the JSON string, ensure it is properly JSON-escaped. This can be done using a utility like `jq -R . <<< "$PROMPT"` or a Python script `json.dumps(PROMPT)` to correctly handle special characters. | LLM | SKILL.md:87 |
| HIGH | **Unvalidated VIDEO_URI used in curl download, potential API key leakage** The `VIDEO_URI` is extracted from the Google Veo API response and directly used as the source URL for a `curl -L` command. If an attacker can influence the API response (e.g., via prompt injection leading to a crafted `VIDEO_URI`), they could: 1. **Exfiltrate `GEMINI_API_KEY`**: By redirecting `curl` to an attacker-controlled server, the `x-goog-api-key` header containing `GEMINI_API_KEY` would be sent to the malicious server. 2. **Disclose Local Files**: By crafting `VIDEO_URI` to a `file:///` URL, `curl` could download arbitrary local files from the agent's filesystem into the `$OUTFILE` path. 1. **Validate `VIDEO_URI`**: Before using `VIDEO_URI`, ensure it starts with an expected and trusted domain (e.g., `https://storage.googleapis.com/`). Reject any other schemes (like `file://`) or untrusted domains. 2. **Remove API Key from Download**: The `x-goog-api-key` header is likely not required for downloading the video from a pre-signed URI. Remove `-H "x-goog-api-key: $GEMINI_API_KEY"` from the download `curl` command to prevent credential leakage. | Static | SKILL.md:143 |
| MEDIUM | **Missing required field: name** The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | plugins/specweave-media/skills/video/SKILL.md:1 |
| LOW | **Accessing parent directory for .env file** The skill attempts to load `GEMINI_API_KEY` from a `.env` file located in the parent directory (`../.env`). While this is stated for 'monorepo support', accessing parent directories can be an excessive permission if the skill is not strictly designed for such a deployment, potentially exposing other sensitive environment variables if the `grep` pattern were less specific or if the parent directory contains other sensitive files. In this specific case, the `grep` pattern is narrow, limiting the immediate risk. 1. Confirm that accessing `../.env` is strictly necessary for all intended deployment scenarios. 2. If possible, configure the environment to provide `GEMINI_API_KEY` directly, or ensure `.env` files are only located within the skill's isolated directory. 3. Ensure the `grep` pattern remains highly specific to prevent accidental loading of other variables. | Static | SKILL.md:43 |