byted-byteplus-vod-video-enhancement
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows security best practices by implementing strict file path validation in
scripts/upload.py. This ensures that only files within permitted directories (such as the workspace,/tmp, or user-specified allowed directories) can be uploaded, protecting against unauthorized file access or directory traversal attacks. - [CREDENTIALS_UNSAFE]: No hardcoded credentials were found. Access keys and secret keys are managed through environment variables and marked as secrets in the skill configuration, which is the standard and recommended practice for secret management.
- [COMMAND_EXECUTION]: The skill does not perform arbitrary shell command execution. It uses Python scripts that interact with official BytePlus/Volcengine APIs using standard libraries like
requests. - [DATA_EXFILTRATION]: Network communication is restricted to legitimate service endpoints (
vod.byteplusapi.comorvod.volcengineapi.com). There are no suspicious data transfers to unknown or untrusted third-party servers.
Audit Metadata