seedance-20

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a utility script, scripts/extract_last_frame.py, which uses the subprocess module to execute ffmpeg for extracting the final frame of an accepted video take. This is a functional requirement for the skill's stateful continuation workflow, ensuring visual continuity between clips. The command is constructed using a list of arguments rather than a raw string, effectively mitigating potential command injection risks.
  • [EXTERNAL_DOWNLOADS]: The documentation and reference library (e.g., references/api-status.md) contain numerous links to official platform documentation and well-known services, including ByteDance (Seed, Volcengine, BytePlus), Runway, and fal.ai. These links are provided for informational and status verification purposes and are handled in accordance with the trusted service recognition rules.
  • [SAFE]:
  • The skill incorporates standard developer utilities such as scripts/eval_run.py, which performs network requests to api.anthropic.com for model-in-the-loop scoring. This behavior is transparently documented and serves as a semantic quality gate for the skill package.
  • The installation utility scripts/install_codex_skill.py performs standard local file operations to copy the repository content into the agent's environment, following established agent-skill packaging conventions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 09:48 AM
Security Audit — agent-trust-hub — seedance-20