Skills
skills/bytedance/agentkit-samples/byted-las-video-edit/Gen Agent Trust Hub

byted-las-video-edit

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill communicates with official Volcano Engine API endpoints (operator.las.*.volces.com) to perform its primary function of video editing.
  • [SAFE]: Credential management for the LAS_API_KEY is implemented using standard practices, allowing the secret to be loaded from environment variables or a local env.sh file as described in the documentation.
  • [SAFE]: The implementation in scripts/skill.py includes a dedicated SSRF (Server-Side Request Forgery) protection mechanism (_is_private_ip and _validate_url) that prevents the agent from being used to scan or access internal network addresses.
  • [SAFE]: Although the skill processes external data returned by the API (such as video dialogues and descriptions), this behavior is necessary for the skill's functionality and is handled through structured data reporting, posing minimal risk of indirect prompt injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 15, 2026, 03:34 AM