broll-story
Pass
Audited by Gen Agent Trust Hub on Jul 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/make_broll_story.pyinvokes external tools includingffmpeg, thehiggsfieldCLI, and other Python-based skill scripts viasubprocess.run. All calls use list-based arguments rather than shell strings, adhering to security best practices for command execution. - [EXTERNAL_DOWNLOADS]: The orchestrator uses
curlto download completed video files from URLs returned by thehiggsfieldservice. This is a standard operational step for retrieving media generated by external AI services. - [PROMPT_INJECTION]: The skill accepts user-supplied scripts and integrates them into storyboard prompts for the
gpt-image-2skill. This pattern is intrinsic to the skill's purpose as a creative orchestrator.
Audit Metadata