produce-video
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a 'tool-agnostic' design floor. It specifically refuses to handle API keys or invoke rendering engines (e.g., Remotion, HeyGen) directly, instead emitting scaffolds for the operator to run in their own secure environment.
- [SAFE]: Utility scripts provided in the
scripts/directory (manifest-sync.tsandlog-critic-override.ts) utilize safe file-system operations. They include checks against path traversal (blocking '/' and '..') and refuse to operate on symlinked directories or files to prevent link-based attacks. - [PROMPT_INJECTION]: The skill processes user-supplied video briefs, which is a potential surface for indirect prompt injection. This is thoroughly mitigated by the 'Critic Agent' which enforces hard validation gates, ensuring all text is copied verbatim and that brand tokens are not fabricated.
- [EXTERNAL_DOWNLOADS]: The documentation references several well-known industry tools (Remotion, HyperFrames, Manim) and marketing research platforms (Socialinsider, Buffer, Rival IQ). These are documented for the operator's reference and do not involve automated or hidden downloads.
Audit Metadata