sora
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches video, thumbnail, and spritesheet assets from OpenAI's official API endpoints using the authenticated SDK. This is the primary function of the skill and targets a well-known service.
- [COMMAND_EXECUTION]: Uses a bundled Python script (scripts/sora.py) to interface with the Sora API. The script is used to create, poll, list, and download video jobs as directed by the agent's instructions.
- [DATA_EXFILTRATION]: Facilitates the download of video assets from OpenAI's infrastructure to the local project environment. No sensitive local data is transmitted to unauthorized third-party domains.
- [CREDENTIALS_UNSAFE]: References the OPENAI_API_KEY environment variable for authentication. The skill explicitly instructs the agent never to request the full key in chat and directs users to set it locally, adhering to standard security practices for secret management.
Audit Metadata