tgravity-work-video-indexer

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script executes local utilities such as ffmpeg and ffprobe to extract video metadata and generate contact sheets. These commands are constructed using list-based arguments without shell invocation, preventing command injection vulnerabilities.
  • [DATA_EXFILTRATION]: The skill operates entirely on local files within a user-provided workspace. It explicitly states that it does not use cloud services for processing unless the user provides specific authorization.
  • [SAFE]: Dynamic imports are used in the environment check function but are restricted to a hardcoded list of expected optional dependencies (pandas, openpyxl, Pillow, and Whisper), posing no security risk.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 08:01 AM
Security Audit — agent-trust-hub — tgravity-work-video-indexer