broll-story

Pass

Audited by Gen Agent Trust Hub on Jul 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/make_broll_story.py invokes external tools including ffmpeg, the higgsfield CLI, and other Python-based skill scripts via subprocess.run. All calls use list-based arguments rather than shell strings, adhering to security best practices for command execution.
  • [EXTERNAL_DOWNLOADS]: The orchestrator uses curl to download completed video files from URLs returned by the higgsfield service. This is a standard operational step for retrieving media generated by external AI services.
  • [PROMPT_INJECTION]: The skill accepts user-supplied scripts and integrates them into storyboard prompts for the gpt-image-2 skill. This pattern is intrinsic to the skill's purpose as a creative orchestrator.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 10, 2026, 01:40 AM