founder-video
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as a transparent wrapper for the Pexo video generation service. Its behavior is consistent with its stated purpose of delegating video production to a hosted backend.
- [COMMAND_EXECUTION]: The skill utilizes a suite of local shell scripts to perform tasks such as project creation, asset polling, and file uploading. These scripts use standard tools like 'curl' and 'jq' to interact with the vendor's API in a secure and predictable manner.
- [EXTERNAL_DOWNLOADS]: Generated media assets are downloaded from the vendor's infrastructure to a local temporary directory (~/.pexo/tmp/) for delivery to the user. The download process includes basic filename sanitization to prevent directory traversal issues.
- [CREDENTIALS_UNSAFE]: The skill provides clear instructions for managing API keys through a local configuration file (~/.pexo/config). No hardcoded secrets or sensitive system files are accessed beyond the skill's own configuration.
- [PROMPT_INJECTION]: The instructions focus on relaying user requests to the service backend and do not contain attempts to override agent safety protocols or hide actions from the user. Technical documentation regarding error handling was correctly identified as benign.
Audit Metadata