Skills
skills/kjaylee/misskim-skills/game-video-ad-pipeline/Gen Agent Trust Hub

game-video-ad-pipeline

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/generate-video.py invokes ffmpeg and ffprobe using list-based arguments with the subprocess module. This approach prevents shell injection vulnerabilities. Critical inputs like the Steam game ID are validated to be strictly numeric before use.
  • [EXTERNAL_DOWNLOADS]: The skill downloads game metadata and screenshots from steampowered.com, a well-known and trusted service. The network operations use the standard urllib.request library with defined timeouts and appropriate headers.
  • [SAFE]: The skill does not exhibit any malicious behaviors such as data exfiltration, persistence, or obfuscation. Text from external sources (Steam storefronts) is safely rendered into static images via the Pillow library before being overlaid on the video, providing strong isolation against potential injection attacks in the video processing pipeline.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 08:03 AM