@554/video

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses exec(open(...).read()) in SKILL.md to load and run its internal Python scripts (generate_video.py, publish_asset.py, poll_status.py). This is a standard pattern within the Starchild environment for modular skill execution.
  • [EXTERNAL_DOWNLOADS]: generate_video.py and poll_status.py download generated video files from fal.ai's public CDN (https://*.fal.media/...) to the local output/videos/ directory.
  • [EXTERNAL_DOWNLOADS]: publish_asset.py allows downloading files from user-provided URLs to output/fal_assets/ to prepare them for video generation input.
  • [DATA_EXPOSURE]: The skill uses a local proxy (http://sc-proxy.internal:8080) to handle API requests. While it includes a placeholder key (fake-falai-key-12345), the documentation explains that the actual FAL_KEY is injected by the proxy, following secure credential management practices.
  • [SAFE]: The infrastructure communicates with well-known services (fal.ai) and internal project proxies. All file operations are restricted to the output/ directory.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 25, 2026, 06:59 AM
Security Audit — agent-trust-hub — @554/video