alibabacloud-maxframe-video-frame-pipeline

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run in scripts/frame_extraction_minimal.py and references/frame_extraction.md to execute ffmpeg and ffprobe for video processing. This is a standard and expected part of the skill's functionality. The implementation follows best practices by using a list of arguments (avoiding shell interpolation) and includes validation to ensure input paths start with the authorized OSS root prefix.
  • [CREDENTIALS_UNSAFE]: The skill handles sensitive credentials including ODPS_ACCESS_ID, ODPS_ACCESS_KEY, OSS_ACCESS_KEY_ID, and OSS_ACCESS_KEY_SECRET. The instructions and provided scripts correctly manage these by reading from environment variables via os.environ or .env files rather than hardcoding them. The requirement to pass OSS credentials in the storage_options parameter for AI FUNC calls is explicitly documented as a technical requirement for the inference service to access data.
  • [DATA_EXFILTRATION]: While the skill performs network operations to Alibaba Cloud services (OSS, ODPS, and AI FUNC catalog endpoints), these are consistent with the skill's stated purpose and use official SDKs and authenticated endpoints. No unauthorized data exfiltration patterns were detected.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 11:31 AM
Security Audit — agent-trust-hub — alibabacloud-maxframe-video-frame-pipeline