image-to-video
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected.
- [COMMAND_EXECUTION]: The skill uses local shell scripts to interact with the Pexo API. These scripts utilize standard system utilities like curl, jq, and file to perform network requests, parse JSON data, and identify media file types. This is expected and standard behavior for this type of integration.
- [DATA_EXFILTRATION]: All network activity is directed to the vendor's infrastructure at pexo.ai or authorized cloud storage providers via signed URLs. Sensitive credentials (API keys) are managed through a user-created configuration file at ~/.pexo/config, which follows standard secret management practices.
- [PROMPT_INJECTION]: The instructions in SKILL.md guide the agent to act as a relay between the user and the Pexo service. No patterns were found that attempt to bypass AI safety guidelines, extract system prompts, or override agent behavior maliciously. A static detector warning regarding concealment was found to be a false positive related to diagnostic functions that assist the user during errors.