Skills
skills/postplusai/postplus-skills/broll-catalog-builder/Gen Agent Trust Hub

broll-catalog-builder

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local media utilities to process assets. The script run_build_broll_catalog.mjs runs ffprobe to extract metadata such as duration and dimensions from video and image files. Additionally, download_videos_from_manifest_with_ytdlp.mjs spawns a python3 process to execute the yt_dlp module for downloading media assets.
  • [EXTERNAL_DOWNLOADS]: The skill includes functionality to download video content from remote URLs specified in a manifest file using yt_dlp. It also performs network requests to the vendor's cloud platform (e.g., api.postplusai.com) to manage authentication, billing, and hosted media generation tasks.
  • [CREDENTIALS_UNSAFE]: The shared library postplus_cli_config.mjs retrieves authentication tokens from the local filesystem. It accesses the vendor's dedicated configuration directories (such as ~/.config/postplus/config.json, AppData/Roaming/postplus, or Library/Application Support/postplus) to manage CLI session state and API connectivity.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 07:44 AM
Security Audit — agent-trust-hub — broll-catalog-builder