byted-byteplus-vod-precision-erasure

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill securely handles authentication using environment variables (BYTEPLUS_ACCESSKEY, BYTEPLUS_SECRETKEY) and does not contain hardcoded credentials or secrets in its scripts or metadata.
  • [SAFE]: scripts/upload.py includes a robust path validation function (_validate_local_path) that restricts file uploads to the current workspace, temporary directories, or specified allowed paths, effectively preventing unauthorized access to sensitive system files like SSH keys or environment configuration.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with official BytePlus API endpoints (vod.byteplusapi.com) and authorized storage hosts (TOS) to facilitate media uploads and job processing, which are recognized vendor-owned resources for the author (bytedance).
  • [PROMPT_INJECTION]: The instructions in SKILL.md are strictly operational and do not attempt to override agent safety protocols, bypass constraints, or use deceptive language to manipulate agent behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 06:19 AM
Security Audit — agent-trust-hub — byted-byteplus-vod-precision-erasure