video-voiceover
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
subprocess.runwithin a wrapper function to executeffmpegandffprobefor media processing. All commands are passed as argument lists rather than shell strings, which effectively prevents shell injection vulnerabilities. - [EXTERNAL_DOWNLOADS]: The scripts make network requests to the MiMo API (
api.xiaomimimo.comand related clusters) to perform its core functions of TTS and ASR. These operations are consistent with the skill's documented purpose. - [CREDENTIALS_UNSAFE]: Security keys (like
MIMO_API_KEY) are retrieved from environment variables and are not hardcoded in the scripts. This follows standard security best practices for credential management. - [DATA_EXPOSURE]: The skill accesses local video and audio files in a user-specified work directory. This access is necessary for processing the media and is restricted to the intended task.
Audit Metadata