video-voiceover

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run within a wrapper function to execute ffmpeg and ffprobe for media processing. All commands are passed as argument lists rather than shell strings, which effectively prevents shell injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The scripts make network requests to the MiMo API (api.xiaomimimo.com and related clusters) to perform its core functions of TTS and ASR. These operations are consistent with the skill's documented purpose.
  • [CREDENTIALS_UNSAFE]: Security keys (like MIMO_API_KEY) are retrieved from environment variables and are not hardcoded in the scripts. This follows standard security best practices for credential management.
  • [DATA_EXPOSURE]: The skill accesses local video and audio files in a user-specified work directory. This access is necessary for processing the media and is restricted to the intended task.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 01:55 AM
Security Audit — agent-trust-hub — video-voiceover