tiktok-video-ad
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell scripts (e.g., pexo-project-create.sh, pexo-chat.sh) to orchestrate its workflow. These scripts leverage standard tools like curl and jq to communicate with the Pexo backend service.\n- [EXTERNAL_DOWNLOADS]: The pexo-asset-get.sh script is responsible for downloading generated video assets from signed URLs provided by the Pexo API. The files are stored in the user's local directory (~/.pexo/tmp/) for accessibility.\n- [CREDENTIALS_UNSAFE]: The skill instructs users to store their API key in a configuration file at ~/.pexo/config. This is an industry-standard method for managing secrets for command-line tools and prevents them from being logged in command history.\n- [PROMPT_INJECTION]: A static analysis hit for concealment in TROUBLESHOOTING.md was reviewed. The text provides helpful UX guidance on handling server errors and is not a malicious attempt to hide agent behavior.
Audit Metadata