video-assemble

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run (wrapped in a run_cmd utility) to execute ffmpeg and ffprobe for media processing. These calls use list-based arguments, which is a secure practice to prevent shell injection.
  • [DATA_EXPOSURE]: File access is restricted to the input video, audio segments, and configuration JSONs required for the assembly process. The skill implements path validation (e.g., validate_draft_name) to prevent directory traversal during the JianYing draft export process.
  • [EXTERNAL_DOWNLOADS]: The configuration in lib.py references official domains for the Xiaomi MiMo service (xiaomimimo.com). These are well-known service endpoints used for optional ASR, VLM, and TTS capabilities and do not represent a security threat.
  • [REMOTE_CODE_EXECUTION]: No remote script downloads or dynamic code execution patterns (like eval or exec) were found in the codebase. All logic is contained within the provided local scripts.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 30, 2026, 01:55 AM