startup-video

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were identified during the analysis. The skill acts as a legitimate bridge to the Pexo API.
  • [COMMAND_EXECUTION]: The skill uses local shell scripts to perform network operations and file management. These scripts are restricted to their intended purpose of interacting with the Pexo service.
  • [CREDENTIALS_UNSAFE]: The skill instructs users to store their PEXO_API_KEY in a local configuration file (~/.pexo/config). This is a standard and safe practice for CLI-based tools to manage authentication.
  • [DATA_EXFILTRATION]: Network operations are limited to the vendor's official domain (pexo.ai). There are no indications of unauthorized data transmission to third-party or suspicious servers.
  • [PROMPT_INJECTION]: While the skill relays user requests to an external API, it does so within the scope of its documented functionality. A manual review of the static analysis flags indicates they are false positives related to standard error reporting instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 04:14 AM
Security Audit — agent-trust-hub — startup-video