films-search
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill manages its own Python environment by downloading the
cloudscraperpackage from the official Python Package Index (PyPI). This library is used to perform deep extraction of links from pages that may have bot protection. - [COMMAND_EXECUTION]: The orchestration logic in
film-search.jsexecutes external scripts and binaries usingexecFileandexecFileAsyncrather than a generic shell execution. This method passes arguments as an array, which prevents command injection vulnerabilities by ensuring user input is not interpreted as shell commands. - [COMMAND_EXECUTION]: To safely handle non-ASCII keywords and prevent shell character issues, the skill writes user-provided search terms to a temporary text file. It then passes the file path (prefixed with
@) to the underlying search processes, ensuring robust data handling across different operating systems. - [EXTERNAL_DOWNLOADS]: The skill performs network requests to search engines (Baidu) and various cloud drive domains (Quark, Alipan, Baidu Pan, UC) to retrieve and verify publicly shared movie and TV links.
Audit Metadata