byted-byteplus-vod-precision-erasure
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill securely handles authentication using environment variables (
BYTEPLUS_ACCESSKEY,BYTEPLUS_SECRETKEY) and does not contain hardcoded credentials or secrets in its scripts or metadata. - [SAFE]:
scripts/upload.pyincludes a robust path validation function (_validate_local_path) that restricts file uploads to the current workspace, temporary directories, or specified allowed paths, effectively preventing unauthorized access to sensitive system files like SSH keys or environment configuration. - [EXTERNAL_DOWNLOADS]: The skill communicates with official BytePlus API endpoints (
vod.byteplusapi.com) and authorized storage hosts (TOS) to facilitate media uploads and job processing, which are recognized vendor-owned resources for the author (bytedance). - [PROMPT_INJECTION]: The instructions in
SKILL.mdare strictly operational and do not attempt to override agent safety protocols, bypass constraints, or use deceptive language to manipulate agent behavior.
Audit Metadata