broll-cursor
Pass
Audited by Gen Agent Trust Hub on Jul 10, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires standard media and automation libraries (playwright, Pillow) and fetches browser binaries from well-known official sources during setup. These are necessary for the skill's stated purpose of video rendering.
- [COMMAND_EXECUTION]: Subprocess calls to ffmpeg and ffprobe are used for video assembly and metadata extraction. The paths used in these commands are derived from local file names and internal logic, minimizing injection risks.
- [DATA_EXFILTRATION]: Analysis of the Python and JavaScript code shows no logic for exfiltrating sensitive data. Network operations are limited to initial environment setup.
- [REMOTE_CODE_EXECUTION]: Rendering is performed locally using a headless browser and a bundled HTML template. There is no evidence of dynamic remote script execution or unsafe data deserialization.
Audit Metadata