bangumi-frames
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The script executes
ffmpegandyt-dlpusing thesubprocess.runmethod with argument arrays. This prevents shell injection vulnerabilities by ensuring that user-provided inputs like URLs and time ranges are not interpreted as commands. All dynamic inputs are validated or cast to numeric types before inclusion in command arguments.\n- [EXTERNAL_DOWNLOADS]: The skill fetches anime person detection and character identity (CCIP) models from HuggingFace, as well as inpainting weights from GitHub releases. It also downloads video content from Bilibili. These downloads are documented, serve the skill's primary function, and target reputable, well-known services.\n- [CREDENTIALS_UNSAFE]: Authentication cookies are read from a predefined local path (~/bb_up/bb_cookies/www.bilibili.com_cookies.txt) or a user-provided file. These credentials are used specifically to authenticate Bilibili video downloads for high-resolution content and are not exfiltrated to any external third-party servers.
Audit Metadata