pixel-art

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/pixel_art_video.py uses subprocess.run to call the ffmpeg command-line utility. This is a standard and necessary operation for the skill's core functionality of converting generated PNG frames into MP4 or GIF formats. The implementation is safe as it passes arguments as a list, avoiding shell interpolation and mitigating command injection risks.
  • [EXTERNAL_DOWNLOADS]: The skill documentation references a public GitHub repository (Synero/pixel-art-studio) as the source for palettes and animation logic. The analysis confirms that no code or data is fetched from the internet at runtime; all necessary logic and assets are bundled within the skill files.
  • [SAFE]: The skill operates as described, performing image processing and video generation on local files. It does not access sensitive user data, hardcode credentials, or engage in suspicious network activities. Dependencies (Pillow and ffmpeg) are industry-standard tools for these tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 01:44 PM
Security Audit — agent-trust-hub — pixel-art