video-recap
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The orchestrator invokes local scripts (e.g., understand.py, cut.py, voiceover.py) and system tools (ffmpeg, ffprobe) via
subprocess.run. These executions are performed using list-based arguments, which is the recommended practice to prevent command injection vulnerabilities.\n- [EXTERNAL_DOWNLOADS]: The skill makes legitimate API requests to Xiaomi's MiMo platform (xiaomimimo.com) for ASR, VLM, and TTS capabilities. These external communications are restricted to well-known service endpoints required for the skill's primary functions.
Audit Metadata