films-search

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill manages its own Python environment by downloading the cloudscraper package from the official Python Package Index (PyPI). This library is used to perform deep extraction of links from pages that may have bot protection.
  • [COMMAND_EXECUTION]: The orchestration logic in film-search.js executes external scripts and binaries using execFile and execFileAsync rather than a generic shell execution. This method passes arguments as an array, which prevents command injection vulnerabilities by ensuring user input is not interpreted as shell commands.
  • [COMMAND_EXECUTION]: To safely handle non-ASCII keywords and prevent shell character issues, the skill writes user-provided search terms to a temporary text file. It then passes the file path (prefixed with @) to the underlying search processes, ensuring robust data handling across different operating systems.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to search engines (Baidu) and various cloud drive domains (Quark, Alipan, Baidu Pan, UC) to retrieve and verify publicly shared movie and TV links.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — films-search