editing-decision-engine

Pass

Audited by Gen Agent Trust Hub on May 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes external binaries such as ffmpeg for video fixture generation and python3 -m yt_dlp for downloading media assets. It also uses the open command on macOS to launch files for user review. These operations utilize array-based argument passing (via spawn and execFileSync), which effectively prevents shell injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The skill performs remote downloads using yt-dlp to fetch video files and interacts with vendor-specific APIs for media generation and authentication refreshes. These network operations are directed at the vendor's infrastructure or whitelisted local addresses.
  • [CREDENTIALS_UNSAFE]: The skill manages authentication by reading and refreshing session tokens stored in local configuration files (config.json) within platform-specific application data directories. These credentials facilitate secure communication with the vendor's cloud services.
Audit Metadata
Risk Level: SAFE
Analyzed: May 28, 2026, 09:31 PM
Security Audit — agent-trust-hub — editing-decision-engine