video-assemble
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
subprocess.run(wrapped in arun_cmdutility) to executeffmpegandffprobefor media processing. These calls use list-based arguments, which is a secure practice to prevent shell injection. - [DATA_EXPOSURE]: File access is restricted to the input video, audio segments, and configuration JSONs required for the assembly process. The skill implements path validation (e.g.,
validate_draft_name) to prevent directory traversal during the JianYing draft export process. - [EXTERNAL_DOWNLOADS]: The configuration in
lib.pyreferences official domains for the Xiaomi MiMo service (xiaomimimo.com). These are well-known service endpoints used for optional ASR, VLM, and TTS capabilities and do not represent a security threat. - [REMOTE_CODE_EXECUTION]: No remote script downloads or dynamic code execution patterns (like
evalorexec) were found in the codebase. All logic is contained within the provided local scripts.
Audit Metadata