@554/video
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
exec(open(...).read())inSKILL.mdto load and run its internal Python scripts (generate_video.py,publish_asset.py,poll_status.py). This is a standard pattern within the Starchild environment for modular skill execution. - [EXTERNAL_DOWNLOADS]:
generate_video.pyandpoll_status.pydownload generated video files from fal.ai's public CDN (https://*.fal.media/...) to the localoutput/videos/directory. - [EXTERNAL_DOWNLOADS]:
publish_asset.pyallows downloading files from user-provided URLs tooutput/fal_assets/to prepare them for video generation input. - [DATA_EXPOSURE]: The skill uses a local proxy (
http://sc-proxy.internal:8080) to handle API requests. While it includes a placeholder key (fake-falai-key-12345), the documentation explains that the actualFAL_KEYis injected by the proxy, following secure credential management practices. - [SAFE]: The infrastructure communicates with well-known services (fal.ai) and internal project proxies. All file operations are restricted to the
output/directory.
Audit Metadata