startup-video
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified during the analysis. The skill acts as a legitimate bridge to the Pexo API.
- [COMMAND_EXECUTION]: The skill uses local shell scripts to perform network operations and file management. These scripts are restricted to their intended purpose of interacting with the Pexo service.
- [CREDENTIALS_UNSAFE]: The skill instructs users to store their PEXO_API_KEY in a local configuration file (
~/.pexo/config). This is a standard and safe practice for CLI-based tools to manage authentication. - [DATA_EXFILTRATION]: Network operations are limited to the vendor's official domain (pexo.ai). There are no indications of unauthorized data transmission to third-party or suspicious servers.
- [PROMPT_INJECTION]: While the skill relays user requests to an external API, it does so within the scope of its documented functionality. A manual review of the static analysis flags indicates they are false positives related to standard error reporting instructions.
Audit Metadata