video-script
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script uses the ffprobe utility to retrieve video duration for timeline alignment. The command is invoked with a static list of arguments and does not use a shell, preventing potential injection vulnerabilities.
- [EXTERNAL_DOWNLOADS]: The skill communicates with the Xiaomi MiMo API (api.xiaomimimo.com) to perform video analysis and quality reviews. These network operations are limited to the vendor's service endpoints and are essential for the skill's stated features.
- [PROMPT_INJECTION]: The skill ingests video analysis data such as ASR transcripts and scene descriptions in structured JSON format. It employs type validation and structured parsing to mitigate the risk of indirect prompt injection from external data sources.
Audit Metadata