skills/pexoai/pexo-skills/video-ad/Gen Agent Trust Hub

video-ad

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill operates as a transparent relay to the Pexo API. All sensitive operations, such as asset uploads and project management, are performed using standard shell utilities (curl, jq) directed at the official vendor domain (pexo.ai).
  • [COMMAND_EXECUTION]: The skill utilizes a suite of local helper scripts to manage its workflow. These scripts are implemented with proper error handling and input validation (e.g., checking file existence and media types before processing).
  • [EXTERNAL_DOWNLOADS]: The skill retrieves generated media files from signed URLs provided by the backend. Files are stored in a designated local temporary directory (~/.pexo/tmp/).
  • [CREDENTIALS_UNSAFE]: The skill correctly manages user credentials by reading them from a configuration file (~/.pexo/config) rather than using hardcoded values. Documentation provides clear instructions for users to manage their own API keys.
  • [PROMPT_INJECTION]: The static analysis flag regarding instruction concealment was determined to be a false positive. The referenced documentation simply describes standard error reporting behavior (printing JSON to stderr), which is routine for CLI-based tools and does not constitute a security risk.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 04:14 AM
Security Audit — agent-trust-hub — video-ad