skills/broomva/skills/ltx-video/Gen Agent Trust Hub

ltx-video

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The setup scripts 'setup-ltx.sh' and 'setup-ltx-wsl2.sh' download and execute the 'uv' package manager installer from the official Astral domain via a shell pipe.- [COMMAND_EXECUTION]: The 'ltx-server.py' script uses 'asyncio.create_subprocess_exec' to run the video generation pipeline and 'subprocess.run' to query GPU status through 'nvidia-smi'. While it avoids shell injection by passing arguments as a list, the server accepts a 'config' path from the request without strict directory validation.- [EXTERNAL_DOWNLOADS]: The skill automates the retrieval of large model weights and text encoders from Hugging Face and clones the official Lightricks LTX-2 repository and other community-maintained ports for Apple Silicon.- [DATA_EXFILTRATION]: The video generation server defaults to binding on '0.0.0.0:8420', which makes the API and any generated video assets accessible to other devices on the same network interface.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 11:16 PM
Security Audit — agent-trust-hub — ltx-video