Trust Assessment
sora received a trust score of 27/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 1 critical, 3 high, 0 medium, and 0 low severity. Key findings include Unsafe environment variable passthrough, Credential harvesting, Arbitrary File Read via `--input-image`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Credential harvesting: reading well-known credential environment variables. Skills should only access environment variables they explicitly need. Bulk environment dumps (`os.environ.copy`, `JSON.stringify(process.env)`) are almost always malicious. Remove access to Keychain, GPG keys, and credential stores. | Manifest | skills/pauldelavallaz/sora-video-gen/scripts/generate_video.py:31 |
| HIGH | Unsafe environment variable passthrough: access to well-known credential environment variables. Minimize environment variable exposure. Only pass required, non-sensitive variables to MCP servers. Use dedicated secret management instead of environment passthrough. | Manifest | skills/pauldelavallaz/sora-video-gen/scripts/generate_video.py:31 |
| HIGH | Arbitrary File Read via `--input-image`. The `generate_video.py` script allows users to specify an `--input-image` path. The script then attempts to open and read this file using `PIL.Image.open()`. A malicious actor could provide a path to a sensitive file (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, `/proc/self/environ`) on the agent's filesystem. The content of this file, even if not a valid image, would be read into memory and then potentially sent to the OpenAI API as `input_reference`. This constitutes a direct data exfiltration vector. Implement strict validation for `input_image` paths. Restrict file access to a designated, sandboxed directory. Consider using a file picker or content ID instead of a direct path. If a path must be used, validate it against a whitelist of allowed directories and ensure it is not an absolute path and does not contain directory traversal sequences (`..`). | LLM | scripts/generate_video.py:50 |
| HIGH | Arbitrary File Write via `--filename`. The `generate_video.py` script allows users to specify an `--filename` for the output video. The script creates parent directories and then writes the generated video content to this path. A malicious actor could specify an arbitrary path on the agent's filesystem (e.g., `/etc/cron.d/malicious_job`, `~/.bashrc`, `/usr/local/bin/exploit.sh`) to write arbitrary content (the video bytes) to sensitive locations. This could lead to denial of service, privilege escalation, or command injection if the written file is later executed by the system. Implement strict validation for `filename` paths. Restrict file writes to a designated, sandboxed output directory. Ensure the path is not absolute and does not contain directory traversal sequences (`..`). Consider generating a unique filename within a secure temporary directory and returning its content or a secure link. | LLM | scripts/generate_video.py:87 |
| INFO | Unpinned dependencies. The `requires-python` and `dependencies` entries in the script header specify minimum versions (`>=`) rather than exact versions. While common, this practice can introduce supply chain risk if a new version of a dependency that introduces a vulnerability or breaking change is automatically pulled in. Pin dependencies to exact versions (e.g., `openai==1.2.3`) or use a lock file mechanism (e.g., `pip-tools`, `poetry.lock`) to ensure reproducible builds and prevent unexpected dependency updates. Regularly audit and update dependencies. | LLM | scripts/generate_video.py:3 |
[Full SkillShield report](https://skillshield.io/report/91320a50d5feb84f)
Powered by SkillShield